Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

AWS Certified Solution Architecture -- Associate > CloudHSM > Flashcards

CloudHSM Flashcards

1
Q

CloudHSM

A
    • is a dedicated physical machine/appliance isolated in order to store security keys and other types of encryption keys used within an application.
    • the key is used within the domain of the HSM appliance instead of being exposed outside the appliance.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Special security mechanisms to make them more secure:

A
  • security key is used only within HSM
  • an HSM Client is used to expose the APIs of the HSM.
  • so an application can communicate with HSM to do the encryption or decryption of the data that we are requesting.
    • is physically isolated from other resources
    • Tamper resistance(build to notify via advanced logging).
  • on AWS, engineers have NO access to the keys.
    • If the keys are lost or reset, you will never be able to access the data stored in the appliance.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Some types of keys that might be stored on HSMs

A

keys used to encrypt file systems
keys used to encrypt databases
keys used to provide DRM
used with S3 encryption.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

When to use CloudHSM instead of somethign like key management service?

A
    • when it is required.

- - not even AWS engineers have access to the keys in the cloudHSM applicance, only access to “manage” the appliance.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly

AWS Certified Solution Architecture -- Associate (31 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions