A company must keep cryptographic keys in its on-premises key manager because of regulatory requirements. The on-premises key manager is outside the AWS Cloud. The company wants to manage encryption and decryption using keys retained outside AWS and that support various external key managers from different vendors. Which solution meets these requirements with the LEAST operational overhead?
Choose an answer
Tap an option to check your answer.
Correct answer: Use an AWS Key Management Service (AWS KMS) external key store backed by an external key manager..
Why this is the answer
An AWS KMS external key store allows you to use cryptographic keys from an external key manager outside of AWS, while still integrating with AWS KMS for encryption operations. This directly addresses the requirement to keep keys on-premises due to regulatory compliance and supports various external key managers. This approach minimizes operational overhead by leveraging KMS for key usage while maintaining external key control. AWS
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed