AWS Certified Solutions Architect – Professional — Question 372
In the context of AWS Cloud Hardware Security Module (HSM), does your application need to reside in the same VPC as the CloudHSM instance?
Answer options
- A. No, but the server or instance on which your application and the HSM client is running must have network (IP) reachability to the HSM.
- B. Yes, always
- C. No, but they must reside in the same Availability Zone.
- D. No, but it should reside in the same Availability Zone as the DB instance.
Correct answer: A
Explanation
AWS CloudHSM does not require the application to be in the same VPC, as long as there is IP reachability between the application server running the HSM client and the HSM itself. This network connectivity can be achieved through VPC peering, VPN, or AWS Transit Gateway. Therefore, options B, C, and D are incorrect because they enforce unnecessary constraints regarding VPC or Availability Zone placement.