AWS Certified Solutions Architect Associate SAA-C03 Practice Question
A financial institution requires compliance with a regulation that mandates the use of validated hardware security modules to encrypt data at rest. Which service should be implemented to satisfy this prerequisite, given the need for FIPS 140-2 validation for key storage?
Object storage service with server-side encryption options
The service that meets the requirement for FIPS 140-2 validated hardware for key storage and management is CloudHSM. It provides dedicated hardware security modules within the cloud environment, allowing customers to manage their own encryption keys in compliance with strict regulatory standards. While the Key Management Service manages encryption keys, it does not offer customer-controlled hardware security modules, making it potentially non-compliant with certain regulations demanding FIPS 140-2 validation. The secrets storage and management service and the object storage service with encryption capabilities do not directly address the need for validated hardware-based key storage and management.