SCS-C02 Domain 5: Data Protection

An audit found gaps: the organization must use HSM-backed keys for strict compliance. Which option addresses this? use HSM-backed keys for strict compliance.

Multiple choice — select one answer

Answer choices

  1. a. TLS 1.2+ on ALB/API and s3:// policies
  2. b. CloudHSM or KMS custom key store
  3. c. RDS encryption and SSL connections
  4. d. Amazon Macie

Architectural breakdown & explanation

CloudHSM provides single-tenant HSMs.

Correct answer(s): b. CloudHSM or KMS custom key store

Exam domain: Domain 5: Data Protection (20% weight on the official guide).

Official documentation & study links

Practice this certification

This page is one question from the AWS Certified Security – Specialty bank. Run a full timed practice exam with domain-weighted random questions in your browser.