CLF-C02 · Question #84
CLF-C02 Question #84: Real Exam Question with Answer & Explanation
The correct answer is C: AWS CloudHSM. AWS CloudHSM is correct because it provides dedicated Hardware Security Modules (HSMs) in the AWS cloud, allowing companies to generate, store, and manage cryptographic keys with full control over key management operations - meeting strict compliance and security requirements. Wh
Question
Which AWS service can a company use to manage encryption keys in the cloud?
Options
- AAWS License Manager
- BAWS Certificate Manager (ACM)
- CAWS CloudHSM
- DAWS Directory Service
Explanation
AWS CloudHSM is correct because it provides dedicated Hardware Security Modules (HSMs) in the AWS cloud, allowing companies to generate, store, and manage cryptographic keys with full control over key management operations - meeting strict compliance and security requirements.
Why the others are wrong:
- A. AWS License Manager - manages software licenses (e.g., Microsoft, Oracle), not encryption keys.
- B. AWS Certificate Manager (ACM) - handles SSL/TLS certificates for securing websites and applications, not general-purpose encryption key management.
- D. AWS Directory Service - provides managed Microsoft Active Directory for user authentication and access management, unrelated to encryption keys.
💡 Memory Tip: Think of HSM = "Holds Secret Material" - CloudHSM physically holds your encryption keys in tamper-resistant hardware. If you need key management, think KMS (AWS Key Management Service) for a managed option, or CloudHSM when you need dedicated hardware and full control.
Topics
Community Discussion
No community discussion yet for this question.