ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified DevOps Engineer - Professional DOP-C02 All Questions

View all questions & answers for the AWS Certified DevOps Engineer - Professional DOP-C02 exam
Go to Exam

Exam AWS Certified DevOps Engineer - Professional DOP-C02 topic 1 question 6 discussion

Exam question from Amazon's AWS Certified DevOps Engineer - Professional DOP-C02
Question #: 6
Topic #: 1
[All AWS Certified DevOps Engineer - Professional DOP-C02 Questions]

A company must encrypt all AMIs that the company shares across accounts. A DevOps engineer has access to a source account where an unencrypted custom AMI has been built. The DevOps engineer also has access to a target account where an Amazon EC2 Auto Scaling group will launch EC2 instances from the AMI. The DevOps engineer must share the AMI with the target account.
The company has created an AWS Key Management Service (AWS KMS) key in the source account.
Which additional steps should the DevOps engineer perform to meet the requirements? (Choose three.)

  • A. In the source account, copy the unencrypted AMI to an encrypted AMI. Specify the KMS key in the copy action.
  • B. In the source account, copy the unencrypted AMI to an encrypted AMI. Specify the default Amazon Elastic Block Store (Amazon EBS) encryption key in the copy action.
  • C. In the source account, create a KMS grant that delegates permissions to the Auto Scaling group service-linked role in the target account.
  • D. In the source account, modify the key policy to give the target account permissions to create a grant. In the target account, create a KMS grant that delegates permissions to the Auto Scaling group service-linked role.
  • E. In the source account, share the unencrypted AMI with the target account.
  • F. In the source account, share the encrypted AMI with the target account.
Show Suggested Answer Hide Answer
Suggested Answer: ADF 🗳️
by Dimidrol at April 5, 2023, 12:27 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
kacsabacsi78
Highly Voted 1 year, 10 months ago
Selected Answer: ADF
ADF seems to be the correct answer
upvoted 11 times
...
Dimidrol
Highly Voted 2 years ago
Selected Answer: ADF
A D F for me. https://jackiechen.blog/2020/01/29/share-encrypted-ami-across-aws-accounts/
upvoted 9 times
...
life1991
Most Recent 2 weeks, 3 days ago
Selected Answer: ADF
i think so
upvoted 2 times
...
namtp
9 months ago
Selected Answer: ADF
ADF for me,
upvoted 1 times
...
martinarg2024
1 year, 2 months ago
Selected Answer: ADF
ADF is correct
upvoted 1 times
...
Vitalydt
1 year, 2 months ago
Selected Answer: ADF
A D F for me
upvoted 1 times
...
thanhnv142
1 year, 3 months ago
ADF: A: cannot be B because using KMS D: Must share with the account because grant is only temp F: share the AMI with the target
upvoted 2 times
...
thanhnv142
1 year, 3 months ago
AFD seem about right
upvoted 1 times
...
Jonalb
1 year, 3 months ago
ADF the correct answer
upvoted 1 times
...
khchan123
1 year, 3 months ago
Selected Answer: ACF
ACF. For autoscaling to work a KMS grant is needed
upvoted 1 times
khchan123
1 year, 3 months ago
Should be ADF
upvoted 1 times
...
...
harithzainudin
1 year, 4 months ago
Selected Answer: ADF
ADF is the right answer
upvoted 1 times
...
VrilianVirgil
1 year, 6 months ago
Selected Answer: ADF
C is incorrect as the AMI **MUST** be shared with the account. not just the scaling group. So it would make sense for the target account to create the grant.
upvoted 2 times
...
ataince
1 year, 7 months ago
Selected Answer: ADF
ADF is the right answer.
upvoted 1 times
...
BaburTurk
1 year, 8 months ago
Selected Answer: ADF
https://aws.amazon.com/blogs/security/how-to-create-a-custom-ami-with-encrypted-amazon-ebs-snapshots-and-share-it-with-other-accounts-and-regions/
upvoted 3 times
...
Skshitiz
1 year, 8 months ago
Selected Answer: ADF
ADF is right
upvoted 1 times
...
DavidPham
1 year, 9 months ago
Selected Answer: ADF
ADF is correct
upvoted 2 times
...
habros
1 year, 10 months ago
Selected Answer: ADF
Step 1: Always specify the KMS (CMK) key to encrypt with when creating/copying images Step 2: Modify the CMK key policy to allow trusted role to assume the key to decrypt image Step 3: Use cross-account trust policy to grant the other account access to the encrypted image
upvoted 2 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago