A company is developing a highly resilient application to be hosted on multiple Amazon EC2 instances. The application will store highly sensitive user data in Amazon RDS tables.
The application must:
• Include migration to a different AWS Region in the application disaster recovery plan.
• Provide a full audit trail of encryption key administration events.
• Allow only company administrators to administer keys.
• Protect data at rest using application layer encryption.
A Security Engineer is evaluating options for encryption key management.
Why should the Security Engineer choose AWS CloudHSM over AWS KMS for encryption key management in this situation?
A. The key administration event logging generated by CloudHSM is significantly more extensive than AWS KMS.
B. CloudHSM ensures that only company support staff can administer encryption keys, whereas AWS KMS allows AWS staff to administer keys.
C. The ciphertext produced by CloudHSM provides more robust protection against brute force decryption attacks than the ciphertext produced by AWS KMS.
D. CloudHSM provides the ability to copy keys to a different Region, whereas AWS KMS does not.
Answer: B