A company has an on-premise asymmetric key management service. They want to implement a new key management service in AWS. One key requirement is that the hardware security modules (HSMs) in the AWS Cloud are managed by the company. How can you achieve this?

Answer options:

A.Use AWS Artifact
B.Use AWS CloudHSM.
C.Use AWS Secrets Manager.
D.Create an EC2 Instance to provision HSMs.

Correct Answer: B
With CloudHSM, you can operate your own HSMs for creating and controlling the encryption keys.
Option A is incorrect because AWS Artifact provides on-demand access to AWS security and compliance reports.
Option C is incorrect because with this service the company cannot manage its own HSMs.
Option D is incorrect because it is not a managed service for KMS.
For more information on AWS CloudHSM, please refer to the below URL-
https://docs.aws.amazon.com/cloudhsm/latest/userguide/introduction.html