AWS Certified SysOps Administrator – Associate (legacy) — Question 522

A company needs to migrate an on-premises asymmetric key management system into AWS.
Which AWS service should be used to accomplish this?

Answer options

Correct answer: B

Explanation

AWS CloudHSM is the correct choice because it provides dedicated, single-tenant Hardware Security Modules (HSMs) that allow seamless migration of existing on-premises asymmetric key management systems using standard APIs. AWS KMS is a multi-tenant service that does not offer the same level of direct physical control over HSMs. AWS Certificate Manager and AWS Secrets Manager are designed for SSL/TLS certificates and credential storage, respectively, rather than general HSM-based key management.