AWS Certified SysOps Administrator – Associate (legacy) — Question 516
A company issued SSL certificates to its users and needs to ensure that the private keys used to sign the certificates are encrypted. The company needs to be able to store the private keys and perform cryptographic signing operations in a secure environment.
Which service should be used to meet these requirements?
Answer options
- A. AWS CloudHSM
- B. AWS KMS
- C. AWS Certificate Manager
- D. Amazon Connect
Correct answer: C
Explanation
AWS Certificate Manager (ACM) is the dedicated service for provisioning, managing, and deploying SSL/TLS certificates, and it automatically encrypts and securely stores the associated private keys. While AWS KMS and AWS CloudHSM offer cryptographic key storage, ACM specifically handles the lifecycle and signing operations for SSL certificates. Amazon Connect is a cloud contact center service and is entirely unrelated to certificate management.