1 Answers
Hi, configuring CloudHSM doesn’t come up in the exam and I’ve temporarily unpublished that section while we update it because a few things have changed on some of the commands. It is quite a long lab, so it might take us a bit of time to get it fixed up, and we also have to prioritise the order we update things so that we work on content that is actually in the exam before we update things that are more like a "nice to have".
We plan to add it back in once we’ve updated it as it’s a fun thing to try and do for yourself, however you won’t be tested on how to configure CloudHSM in the exam.
The main thing to keep in mind is the difference between CloudHSM and KMS (KMS is multi-tenant and CloudHSM is single-tenant) and the different use cases, e.g. for most use cases KMS is acceptable and it is also the most cost-effective option. However, if you require your keys to be stored in dedicated, third-party validated hardware security modules under your exclusive control, then CloudHSM is the way to go. You also pay more for CloudHSM, of course, as the HSM is for your own exclusive use (you pay an hourly fee for each HSM you launch until you terminate the HSM).
Hope that helps,
Faye
Oh! I went through these HSM lectures just a few days ago. Lucky me! To be honest, you didn’t miss that much. ACG topics were just a bunch of OpenSSL commands and certificate management things that I bet would never show up on the exam. For CloudHSM you need to understand the concepts and compliance requirements at most.