A company is developing a highly resilient application to be hosted on multiple Amazon EC2 instances. The application will store highly sensitive user data in A...
Amazon SCS-C01 Exam
Questions Number: 147 out of 160 Questions
91.88%
Question 147
A company is developing a highly resilient application to be hosted on multiple Amazon EC2 instances. The application will store highly sensitive user data in Amazon RDS tables. The application must: - Include migration to a different AWS Region in the application disaster recovery plan. - Provide a full audit trail of encryption key administration events. - Allow only company administrators to administer keys. - Protect data at rest using application layer encryption. A Security Engineer is evaluating options for encryption key management. Why should the Security Engineer choose AWS CloudHSM over AWS KMS for encryption key management in this situation?