Topic 1 Question 539
A company uses two AWS accounts: production and development. The company stores data in an Amazon S3 bucket that is in the production account. The data is encrypted with an AWS Key Management Service (AWS KMS) customer managed key. The company plans to copy the data to another S3 bucket that is in the development account.
A developer needs to use a KMS key to encrypt the data in the S3 bucket that is in the development account. The KMS key in the development account must be accessible from the production account,
Which solution will meet these requirements?
Replicate the customer managed KMS key from the production account to the development account. Specify the production account in the key policy.
Create a new customer managed KMS key in the development account. Specify the production account in the key policy.
Create a new AWS managed KMS key for Amazon S3 in the development account. Specify the production account in the key policy.
Replicate the default AWS managed KMS key for Amazon S3 from the production account to the development account. Specify the production account in the key policy.
ユーザの投票
コメント(1)
- 正解だと思う選択肢: C
C or B I would say C. We don't know exactly which type of KMS key will be used in development account.. KMS cusutomer key or KMS AWS menaged key? I guess the second one so it could be just default aws/s3 key. The other thing is that production account should have access tho this new key but development account should not have access to AWS customer key in production account. Is is quite logical. Sharing acceess to key with other accaount is to specify the account in KMS key policy.
👍 10bdf3af2025/03/04
シャッフルモード