Member | December 28, 2022 at 12:32 am
Hi! This is an issue with phrasing in a question. The question was as follows:
“An organization has an application that uses a key management service hosted in their on-premises data center, which stores encryption keys and uses an RSA asymmetric encryption algorithm. The Security team has been instructed to migrate the application to AWS. The keys must be stored in dedicated, third-party validated hardware security modules under the organization’s exclusive control.
Which is the BEST solution that you should implement to satisfy the above requirement?”
Note that with this phrasing and the context involving a migration of the customer (first-party) to AWS (second-party), the words “third-party” would be a party other than the customer or AWS.
The answer indicated using AWS CloudHSM, which would not be a third-party solution. I suggest simply changing the phrasing to say “vendor-provided” or “hosted off-site”. Referencing the hosting location is probably best as that may be the intent of using a second-party.
Because of the phrasing, I couldn’t easily identify the correct answer. Thanks!