Topic 1 Question 252
A SysOps administrator is building a process for sharing Amazon RDS database snapshots between different accounts associated with different business units within the same company. All data must be encrypted at rest.
How should the administrator implement this process?
Write a script to download the encrypted snapshot, decrypt it using the AWS KMS encryption key used to encrypt the snapshot, then create a new volume in each account.
Update the key policy to grant permission to the AWS KMS encryption key used to encrypt the snapshot with all relevant accounts, then share the snapshot with those accounts.
Create an Amazon EC2 instance based on the snapshot, then save the instance's Amazon EBS volume as a snapshot and share it with the other accounts. Require each account owner to create a new volume from that snapshot and encrypt it.
Create a new unencrypted RDS instance from the encrypted snapshot, connect to the instance using SSH/RDP, export the database contents into a file, then share this file with the other accounts.
ユーザの投票
コメント(3)
B is the answer from my point of view https://aws.amazon.com/premiumsupport/knowledge-center/share-encrypted-rds-snapshot-kms-key/
👍 3braveheart222023/03/04- 正解だと思う選択肢: B
The correct answer is B. You must first update the key policy use to encrypt the volume, then share it with other accounts.
👍 2csG132023/03/08 - 正解だと思う選択肢: B
B is correct
👍 1hpipit2023/03/24
シャッフルモード