AWS Certified SysOps Administrator – Associate (legacy) — Question 799

AWS Cloud Hardware Security Modules (HSMs) are designed to _____.

Answer options

• A. store your AWS keys safely
• B. provide another level of login security specifically for LDAP
• C. allow AWS to audit your infrastructure
• D. securely store cryptographic key material and use the key material without exposing it outside the cryptographic boundary of the appliance

Correct answer: D

Explanation

AWS CloudHSM is designed to provide secure, tamper-resistant hardware storage for cryptographic keys, allowing users to perform cryptographic operations without ever exposing the keys outside the hardware boundary. While it helps secure keys, it is not designed specifically for general AWS account keys, LDAP authentication, or infrastructure auditing. This hardware-based isolation ensures compliance with strict regulatory standards for data security.