A company uses Amazon SageMaker to train sensitive ML models. Which AWS service should they use to encrypt the training data and model artifacts at rest?
Trap 1: AWS Secrets Manager
Secrets Manager stores secrets like database credentials, not encryption keys for data at rest.
Trap 2: AWS CloudHSM
CloudHSM provides hardware security modules but is not the standard service for SageMaker encryption; KMS is the primary key management service.
Trap 3: AWS Certificate Manager
ACM manages SSL/TLS certificates, not encryption keys for data at rest.
- A
AWS Secrets Manager
Why wrong: Secrets Manager stores secrets like database credentials, not encryption keys for data at rest.
- B
AWS CloudHSM
Why wrong: CloudHSM provides hardware security modules but is not the standard service for SageMaker encryption; KMS is the primary key management service.
- C
AWS Key Management Service (KMS)
KMS provides centralized control over encryption keys used to encrypt data at rest in SageMaker.
- D
AWS Certificate Manager
Why wrong: ACM manages SSL/TLS certificates, not encryption keys for data at rest.