ExpertHard1 markMultiple Choice
AWS SAA-C03 · Question 12 · Domain 1.3: Data Security
A company wants to share an encrypted Amazon RDS snapshot with another AWS account. The snapshot is encrypted using a customer managed AWS KMS key. Which TWO steps must the solutions architect take to share the snapshot? (Select TWO.)
A company wants to share an encrypted Amazon RDS snapshot with another AWS account. The snapshot is encrypted using a customer managed AWS KMS key. Which TWO steps must the solutions architect take to share the snapshot? (Select TWO.)
Answer options:
A.
Modify the KMS key policy to grant the target account permissions to use the key.
B.
Modify the RDS snapshot to use an AWS managed KMS key.
C.
Share the RDS snapshot with the target AWS account ID.
D.
Create an IAM role in the source account for the target account to assume.
E.
Copy the snapshot to an S3 bucket and share the bucket.
How to approach this question
When sharing encrypted resources across accounts, you must share BOTH the resource and the KMS key used to encrypt it.
Full Answer
To share an encrypted RDS snapshot, you must use a customer managed KMS key. You must share the snapshot itself with the target account AND update the KMS key policy to allow the target account to use the key.
Common mistakes
Thinking AWS managed keys can be shared across accounts.
Practice the full AWS SAA-C03 Practice Exam 3
65 questions · hints · full answers · grading
More questions from this exam
Q01A company stores sensitive documents in an Amazon S3 bucket. The security team requires that only...EasyQ02A large enterprise uses AWS Organizations to manage multiple accounts. The security team wants to...MediumQ03A company hosts a web application on Amazon EC2 instances behind an Application Load Balancer (AL...EasyQ04A company wants to continuously monitor its AWS accounts for malicious activity and unauthorized ...MediumQ05A company needs to encrypt data at rest in Amazon RDS and manage database credentials securely. T...Medium