AWS CloudHSM Flashcards

1
Q

When we use a CloudHSM what are we doing with the data?

A
  • Minimizing physical access
  • Minimizing logical access
  • Providing:
    - Confidentiality
    - Integrity
    - Availability
2
Q

What is a CloudHSM?

A

Provides HSM as a service, you

3
Q

I need a CloudHSM, what do I need to do?

A
  • Create a CloudHSM cluster
  • Select a VPC
  • Create 3 subnets in the VPC, one in each AZ
4
Q

Why would you need a CloudHSM over KMS?

A

You need an industry-standard interface and libraries, such as:

  • PKCS#11
  • Java Cryptography Extension (JCE)
  • Microsoft CryptoNG
5
Q

I have an application that requires the use of PKCS#11, what AWS service do I need?

A

CloudHSM; KMS does not support standard interfaces.

6
Q

How is the HSM functionality put into your VPC subnets? Is it a VM or something else?

A

Each CloudHSM in the cluster is exposed in the VPC subnet using an elastic network interface (ENI). There will be an ENI in each of the three subnets, in three separate AZs.

7
Q

What level of FIPS does CloudHSM support?

A

FIPS 140-3

8
Q

Which has the higher FIPS level, KMS or CloudHSM? State the levels.

A
CloudHSM = FIPS 140-3
KMS = FIPS 140-2
9
Q

I want to use the CloudHSM from my on-prem network over both VPN and Direct Connect. Is this possible, and how?

A

Yes. As the CloudHSM is exposed as an ENI, you can access it from the on-prem network over VPN or Direct Connect.

10
Q

Can I give AWS a physical cloud appliance and use it in my VPC?

A

No.

11
Q

Is the CloudHSM highly available, and why?

A

Yes, it is: it is provisioned as a cluster across three AZs in a VPC.

12
Q

How is an AWS CloudHSM integrated into your VPC?

A

The AWS CloudHSM is delivered as an ENI in your subnet.

13
Q

Is an HSM highly available by default?

A

No, you have to create a cluster across the AZs, and each HSM gets delivered as an ENI in your subnets.

14
Q

What is the FIPS rating on KMS?

A

FIPS 140-3 (KMS is 2)

15
Q

I need a FIPS 140-3 compliant HSM from an on-prem application, and I already have Direct Connect in place. What option do I have? Explain the architecture.

A

You can use Direct Connect to access the AWS CloudHSM service. You will need to set up a VPC and create a two-node CloudHSM cluster for high availability. This places two HSMs in two separate AZs, and two ENIs are created, one in each of the VPC subnets in the separate AZs. You then use the existing Direct Connect link to access the CloudHSM.

16
Q

I have a specialized physical HSM used in my DC and I want to move my application to the AWS cloud. How can I get AWS to host my physical HSM device?

A

You can, but AWS will not host it; you can use Direct Connect to access the HSM from the AWS cloud.