Which AWS service generates encryption keys protected by FIPS 140-2 validated hardware security modules?


Prepare for the Amazon Web Services (CISN 74A) Security Test with our interactive quizzes. Use multiple choice questions with detailed hints and explanations to ace your exam.

The AWS Key Management Service (KMS) is the service that generates encryption keys protected by FIPS 140-2 validated hardware security modules. FIPS 140-2 is a U.S. government standard that defines security requirements for cryptographic modules. KMS allows users to create and control encryption keys used to encrypt their data across AWS services and in their applications.

By leveraging FIPS 140-2 validated hardware security modules, KMS ensures that the keys generated and protected meet strict security and compliance standards. This is critical for organizations that handle sensitive data and need to adhere to regulatory frameworks that demand such levels of security.

In contrast, AWS CloudHSM also provides hardware security modules that can comply with FIPS 140-2, but KMS is specifically designed for key management at scale and integrates seamlessly with many AWS services. AWS Shield is a security service for DDoS protection, and AWS IAM primarily focuses on identity and access management rather than encryption key generation.