CyberArk PAM-CDE Recertification — Question 87

A customer is moving from an on-premises to a public cloud deployment.

What is the best and most cost-effective option to secure the server key?

Answer options

• A. Install the Vault in the cloud the same way that you would in an on-premises environment. Place the server key in a password protected folder on the operating system.
• B. Install the Vault in the cloud the same way that you would in an on-premises environment. Purchase a Hardware Security Module to secure the server key.
• C. Install the Vault using the Amazon Machine Images and secure the server key using native cloud Key Management Systems.
• D. Install the Vault using the Amazon Machine Images and secure the server key with a Hardware Security Module.

Correct answer: D

Explanation

The correct answer is D because using a Hardware Security Module (HSM) provides a high level of security for sensitive keys in the cloud. Options A and B do not leverage cloud-native security features, while option C, while effective, does not provide the same level of security as using an HSM.