AWS Certified Cloud Practitioner — Question 476

A security engineer wants a single-tenant AWS solution to create, control, and manage their own cryptographic keys to meet regulatory compliance requirements for data security.

Which AWS service should the engineer use?

Answer options

• A. AWS Key Management Service (AWS KMS)
• B. AWS Certificate Manager (ACM)
• C. AWS CloudHSM
• D. AWS Systems Manager

Correct answer: C

Explanation

AWS CloudHSM provides dedicated, single-tenant hardware security modules (HSMs) in the AWS Cloud, allowing customers to have sole control over their cryptographic keys for strict regulatory compliance. AWS KMS is a multi-tenant service managed by AWS, while ACM is used for SSL/TLS certificates and Systems Manager is for infrastructure administration.