CloudHSM Flashcards

1
Q

What is the difference between CloudHSM and Key Management Service (KMS)?

A

KMS is multi-tenant: your keys are logically isolated in your account, but the underlying HSM fleet is shared between customers.

AWS operates KMS and therefore has some level of access to the service.

CloudHSM is a true single-tenant Hardware Security Module (HSM). AWS provisions and maintains the hardware, but the HSM is fully customer-managed: you hold the crypto user credentials and AWS has no access to your keys.

KMS was historically validated at FIPS 140-2 Level 2 (the figure used on most exam material; KMS HSMs have since also been validated at Level 3), while CloudHSM is FIPS 140-2 Level 3.

KMS is accessed through AWS APIs and IAM and integrates natively with other AWS services. CloudHSM is accessed through industry-standard interfaces: PKCS#11, Java JCE, and Microsoft CNG/KSP.

2
Q

Is CloudHSM highly available by default?

A

No. Each HSM lives in a single AZ. To get HA you build a cluster with HSMs in multiple AZs; the cluster keeps keys and users synchronized across its HSMs.

3
Q

Can you use CloudHSM for S3 server-side encryption?

A

No, not directly. S3 has no native CloudHSM integration: you can use CloudHSM-protected keys to encrypt data client-side before it is sent to S3, but S3 cannot call CloudHSM to perform server-side encryption. The one indirect route is a KMS custom key store backed by your CloudHSM cluster, which lets SSE-KMS use keys that live in your own HSMs.
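The client-side pattern the answer refers to is envelope encryption: a fresh data key encrypts each object, the data key is wrapped by a key-encryption key (KEK), and the wrapped key travels with the object as user metadata, so S3 only ever stores ciphertext. The Go program below is an added example, not code from the flashcards or from AWS. It assumes a 32-byte in-process KEK as a stand-in for the HSM: in production the wrapKey and unwrapKey calls would be PKCS#11 C_WrapKey/C_UnwrapKey against CloudHSM and the KEK would never leave the HSM. The metadata header names and the sample CSV body are constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"io"
)

// EnvelopeObject is what the client would upload: ciphertext as the object
// body, wrapped data key in user metadata (header names are illustrative).
type EnvelopeObject struct {
	Body     []byte
	Metadata map[string]string
}

// seal encrypts with AES-256-GCM, prefixes the random nonce, and binds aad so
// a ciphertext cannot be swapped under a different object key or KEK label.
func seal(key, plaintext, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// unseal reverses seal; any tampering with body, nonce or aad fails the tag check.
func unseal(key, sealed, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], aad)
}

// wrapKey / unwrapKey stand in for the HSM (assumption: in CloudHSM this is
// PKCS#11 C_WrapKey / C_UnwrapKey and the KEK is never present in process).
func wrapKey(kek, dataKey []byte, kekLabel string) ([]byte, error) {
	return seal(kek, dataKey, []byte(kekLabel))
}

func unwrapKey(kek, wrapped []byte, kekLabel string) ([]byte, error) {
	return unseal(kek, wrapped, []byte(kekLabel))
}

// EncryptForS3 generates a per-object data key, encrypts the body with it,
// wraps the data key under the KEK, then zeroes the plaintext data key.
func EncryptForS3(kek []byte, kekLabel, objectKey string, plaintext []byte) (*EnvelopeObject, error) {
	dataKey := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, dataKey); err != nil {
		return nil, err
	}
	body, err := seal(dataKey, plaintext, []byte(objectKey))
	if err != nil {
		return nil, err
	}
	wrapped, err := wrapKey(kek, dataKey, kekLabel)
	if err != nil {
		return nil, err
	}
	for i := range dataKey {
		dataKey[i] = 0
	}
	return &EnvelopeObject{Body: body, Metadata: map[string]string{
		"x-amz-meta-wrapped-key": base64.StdEncoding.EncodeToString(wrapped),
		"x-amz-meta-kek-label":   kekLabel,
		"x-amz-meta-cipher":      "AES-256-GCM",
	}}, nil
}

// DecryptFromS3 unwraps the data key (the only step that needs the HSM) and
// decrypts the body; the object key is required as AAD, so a renamed or
// re-uploaded ciphertext is rejected.
func DecryptFromS3(kek []byte, objectKey string, obj *EnvelopeObject) ([]byte, error) {
	wrapped, err := base64.StdEncoding.DecodeString(obj.Metadata["x-amz-meta-wrapped-key"])
	if err != nil {
		return nil, err
	}
	dataKey, err := unwrapKey(kek, wrapped, obj.Metadata["x-amz-meta-kek-label"])
	if err != nil {
		return nil, fmt.Errorf("unwrap failed: %w", err)
	}
	return unseal(dataKey, obj.Body, []byte(objectKey))
}

func main() {
	kek := make([]byte, 32) // constructed stand-in for the HSM-resident KEK
	io.ReadFull(rand.Reader, kek)
	obj, _ := EncryptForS3(kek, "s3-client-kek-v1", "bucket/report.csv", []byte("id,amount\n1,42\n"))
	pt, err := DecryptFromS3(kek, "bucket/report.csv", obj)
	fmt.Printf("%q err=%v\n", pt, err)
}
```

The design point is that S3 is never given anything it could decrypt with: the bucket holds ciphertext plus a blob that only the HSM can unwrap, and the data key exists in plaintext only inside the client process for the duration of one PutObject or GetObject.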

4
Q

What single-tenant service can be used to offload SSL/TLS processing for web servers?

A

CloudHSM. The web server's TLS private key stays inside the HSM and the handshake's private-key operations are offloaded to it through the CloudHSM OpenSSL dynamic engine or PKCS#11 library (Linux) or the CNG/KSP provider (Windows IIS).

5
Q

What capability does CloudHSM provide for Oracle databases?

A

CloudHSM can hold the master encryption key for Oracle Transparent Data Encryption (TDE): the TDE master key is generated and kept in the HSM instead of a software wallet on the database host.

6
Q

What capability does CloudHSM provide to Certificate Authorities (CA)?

A

It stores the CA's private signing key inside the HSM, so certificates are signed by the HSM and the key never exists in software on the CA host.
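The CA and TLS-offload cards above both rely on the "industry standard APIs" point from card 1: software reaches HSM-resident keys through PKCS#11 rather than an AWS API. The OpenSSL configuration below is an added example, not from the flashcards or from AWS, showing how the libp11 `pkcs11` engine is pointed at a PKCS#11 module so that `openssl` signs with a key that never leaves the HSM. The engine and module paths are assumptions for a typical Linux install (the CloudHSM Client SDK 5 module path is assumed here), and the key label `ca-key` is a placeholder.

```ini
# /etc/ssl/openssl-hsm.cnf (example; paths are assumptions for your host)
openssl_conf = openssl_init

[openssl_init]
engines = engine_section

[engine_section]
pkcs11 = pkcs11_section

[pkcs11_section]
engine_id = pkcs11
# libp11 engine shared object (distribution-specific path, assumed)
dynamic_path = /usr/lib/x86_64-linux-gnu/engines-1.1/pkcs11.so
# CloudHSM PKCS#11 module (assumed default path for Client SDK 5)
MODULE_PATH = /opt/cloudhsm/lib/libcloudhsm_pkcs11.so
# Do not initialise at load time; the engine is initialised on first use
init = 0
```

With this file selected via `OPENSSL_CONF`, a CSR or a certificate signature is requested with `-engine pkcs11 -keyform engine -key "pkcs11:object=ca-key;type=private"` in place of a PEM key file, and the crypto user's PIN is supplied to the engine rather than stored on disk with the key. Two caveats a practitioner will hit: OpenSSL 3 deprecates engines in favour of providers, so newer stacks use the `pkcs11-provider` with the same module path instead of this engine section, and the HSM cluster must be reachable from the CA host (the client daemon or SDK 5 client configuration must be set up first) or every signing call fails at C_Initialize.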
