Practice exams – section based, Category: SOA – Security and Compliance
A well-funded cryptocurrency startup has a key management service in their on-premises data center, which uses the RSA asymmetric encryption algorithm and stores encryption keys. They are urgently planning to integrate their system with a highly available, secure service in AWS with FIPS 140-2 compliance.
As their SysOps Administrator, how can you implement this setup in a quick and efficient way?
I chose KMS. KMS is FIPS 140-2 compliant (according to the AWS FAQ: "AWS KMS is designed so that no one, including AWS employees, can retrieve your plaintext keys from the service. The service uses hardware security modules (HSMs) that have been validated under FIPS 140-2, or are in the process of being validated, to protect the confidentiality and integrity of your keys." https://aws.amazon.com/kms/features/), and the question didn’t mention that the customer needs dedicated modules …
It mentions RSA asymmetric encryption, and KMS does support that. (https://aws.amazon.com/about-aws/whats-new/2019/11/aws-key-management-service-supports-asymmetric-keys/)
Can you please explain why CloudHSM is the correct answer?
This discussion was modified 3 years, 2 months ago by Ezz.