Topic 1 Question 114
A SysOps administrator has an AWS CloudFormation template that is used to deploy an encrypted Amazon Machine Image (AMI). The CloudFormation template will be used in a second account so the SysOps administrator copies the encrypted AMI to the second account. When launching the new CloudFormation stack in the second account, it fails. Which action should the SysOps administrator take to correct the issue?
Change the AMI permissions to mark the AMI as public.
Deregister the AMI in the source account.
Re-encrypt the destination AMI with an AWS Key Management Service (AWS KMS) key from the destination account.
Update the CloudFormation template with the ID of the AMI in the destination account.
ユーザの投票
コメント(4)
- 正解だと思う選択肢: C
C!
While launching the instance from a shared encrypted AMI, you can specify a KMS key of your choice. You may also choose cmkSource to encrypt volumes in your account. However, we recommend that you re-encrypt the volumes using a KMS key in the target account. This protects you if the source KMS key is compromised, or if the source account revokes permissions, which could cause you to lose access to any encrypted volumes you created using cmkSource.
👍 3princajen2022/09/04 I'm inclined toward D in every sense.
👍 3braveheart222023/02/27It is D
👍 2weixing2022/11/10
シャッフルモード