Topic 1 Question 6

AWS Certified DevOps Engineer - Professional

Topic 1 Question 6
A company must encrypt all AMIs that the company shares across accounts. A DevOps engineer has access to a source account where an unencrypted custom AMI has been built. The DevOps engineer also has access to a target account where an Amazon EC2 Auto Scaling group will launch EC2 instances from the AMI. The DevOps engineer must share the AMI with the target account. The company has created an AWS Key Management Service (AWS KMS) key in the source account. Which additional steps should the DevOps engineer perform to meet the requirements?

3 つ選択
- In the source account, copy the unencrypted AMI to an encrypted AMI. Specify the KMS key in the copy action.
- In the source account, copy the unencrypted AMI to an encrypted AMI. Specify the default Amazon Elastic Block Store (Amazon EBS) encryption key in the copy action.
- In the source account, create a KMS grant that delegates permissions to the Auto Scaling group service-linked role in the target account.
- In the source account, modify the key policy to give the target account permissions to create a grant. In the target account, create a KMS grant that delegates permissions to the Auto Scaling group service-linked role.
- In the source account, share the unencrypted AMI with the target account.
- In the source account, share the encrypted AMI with the target account.
ユーザの投票
コメント(7)
- 正解だと思う選択肢: ADF
  A D F for me. https://jackiechen.blog/2020/01/29/share-encrypted-ami-across-aws-accounts/
  
  👍 4
  Dimidrol2023/04/05
- 正解だと思う選択肢: ADF
  This is clearly stated in the document: https://docs.aws.amazon.com/autoscaling/ec2/userguide/key-policy-requirements-EBS-encryption.html Service linked role must get specific grant on the account it cannot use key policy
  
  👍 2
  asfsdfsdf2023/04/06
- 正解だと思う選択肢: ADF
  A D F are good
  
  👍 1
  911f9cf2023/04/06
シャッフルモード

ユーザの投票

コメント(7)