Exam AWS-SysOps topic 1 question 744 discussion

Exam question from Amazon's AWS-SysOps
Question #: 744
Topic #: 1

A SysOps Administrator is building a process for sharing Amazon RDS database snapshots between different accounts associated with different business units within the same company. All data must be encrypted at rest.
How should the Administrator implement this process?

  • A. Write a script to download the encrypted snapshot, decrypt it using the AWS KMS encryption key used to encrypt the snapshot, then create a new volume in each account.
  • B. Update the key policy to grant permission to the AWS KMS encryption key used to encrypt the snapshot with all relevant accounts, then share the snapshot with those accounts.
  • C. Create an Amazon EC2 instance based on the snapshot, then save the instance's Amazon EBS volume as a snapshot and share it with the other accounts. Require each account owner to create a new volume from that snapshot and encrypt it.
  • D. Create a new unencrypted RDS instance from the encrypted snapshot, connect to the instance using SSH/RDP, export the database contents into a file, then share this file with the other accounts.
Suggested Answer: B
Reference:
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ShareSnapshot.html

Comments

albert_kuo
9 months, 3 weeks ago
Selected Answer: B
By updating the key policy associated with the AWS KMS encryption key used to encrypt the snapshot, you can grant permission to the relevant accounts to access and use the encryption key. This allows those accounts to decrypt the snapshot when needed. Sharing the encrypted snapshot with the other accounts ensures that the data remains encrypted at rest throughout the sharing process. The other accounts can then use their own AWS KMS encryption keys to decrypt the snapshot as required.
upvoted 1 times
...
RicardoD
2 years, 6 months ago
B is the answer
upvoted 1 times
...
abhishek_m_86
2 years, 6 months ago
B. Update the key policy to grant permission to the AWS KMS encryption key used to encrypt the snapshot with all relevant accounts, then share the snapshot with those accounts.
upvoted 1 times
...
arpana_03
2 years, 6 months ago
B is the correct answer
upvoted 1 times
...
jackdryan
2 years, 6 months ago
I'll go with B
upvoted 1 times
...
waterzhong
2 years, 7 months ago
Sharing an Encrypted Snapshot

You can share DB snapshots that have been encrypted "at rest" using the AES-256 encryption algorithm, as described in Encrypting Amazon RDS Resources. To do this, you must take the following steps:

1. Share the AWS Key Management Service (AWS KMS) customer master key (CMK) that was used to encrypt the snapshot with any accounts that you want to be able to access the snapshot. You can share AWS KMS CMKs with another AWS account by adding the other account to the AWS KMS key policy. For details on updating a key policy, see Key Policies in the AWS KMS Developer Guide. For an example of creating a key policy, see Allowing Access to an AWS KMS Customer Master Key (CMK) later in this topic.
2. Use the AWS Management Console, AWS CLI, or Amazon RDS API to share the encrypted snapshot with the other accounts.
upvoted 1 times
...
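The key-policy step from the comment above, as an added example (not from the original page, its commenters, or AWS): it builds the cross-account statements and audits a key policy before the snapshot is shared. The account IDs, Sids, function names and the `REQUIRED` set are constructed assumptions, the action lists follow the usual cross-account KMS key policy pattern, and Deny statements and conditions are not evaluated.

```python
import fnmatch

# Actions assumed from the usual cross-account KMS key policy pattern.
USE_ACTIONS = ["kms:Encrypt", "kms:Decrypt", "kms:ReEncrypt*",
               "kms:GenerateDataKey*", "kms:DescribeKey"]
GRANT_ACTIONS = ["kms:CreateGrant", "kms:ListGrants", "kms:RevokeGrant"]
REQUIRED = ("kms:Decrypt", "kms:DescribeKey", "kms:CreateGrant")  # assumed minimum for this check

def _as_list(value):
    return value if isinstance(value, list) else [value]

def sharing_statements(account_ids):
    """Key-policy statements that let the listed accounts use the key."""
    principals = {"AWS": [f"arn:aws:iam::{a}:root" for a in account_ids]}
    return [
        {"Sid": "AllowUseOfKey", "Effect": "Allow", "Principal": principals,
         "Action": USE_ACTIONS, "Resource": "*"},
        {"Sid": "AllowGrantsForAWSResources", "Effect": "Allow",
         "Principal": principals, "Action": GRANT_ACTIONS, "Resource": "*",
         "Condition": {"Bool": {"kms:GrantIsForAWSResource": "true"}}},
    ]

def audit_key_policy(policy, account_ids):
    """Return (missing, wildcard): required actions each account still lacks,
    and whether any Allow statement names the "*" principal."""
    allowed = {a: set() for a in account_ids}
    wildcard = False
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        names = ["*"] if principal == "*" else _as_list(principal.get("AWS", []))
        wildcard = wildcard or "*" in names
        patterns = [p.lower() for p in _as_list(stmt.get("Action", []))]
        for acct in account_ids:  # only account-level principals count
            if acct in names or f"arn:aws:iam::{acct}:root" in names:
                allowed[acct] |= {r for r in REQUIRED if any(
                    fnmatch.fnmatchcase(r.lower(), p) for p in patterns)}
    missing = {a: sorted(set(REQUIRED) - got)
               for a, got in allowed.items() if set(REQUIRED) - got}
    return missing, wildcard

# Constructed sample: a key policy holding only the owner-account statement.
OWNER_ONLY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "OwnerAdmin", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
     "Action": "kms:*", "Resource": "*"}]}
TARGETS = ["444455556666", "777788889999"]
SHARED = {**OWNER_ONLY, "Statement": OWNER_ONLY["Statement"] + sharing_statements(TARGETS)}
print(audit_key_policy(OWNER_ONLY, TARGETS), audit_key_policy(SHARED, TARGETS))
```

Once the audit returns no missing actions and no wildcard principal, the snapshot itself is shared per account, for example with `aws rds modify-db-snapshot-attribute --db-snapshot-identifier <snapshot-id> --attribute-name restore --values-to-add <account-id>`.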
gretch
2 years, 7 months ago
It's B: "Share the AWS Key Management Service (AWS KMS) encryption key that was used to encrypt the snapshot with any accounts that you want to be able to access the snapshot. Use the AWS Management Console, AWS CLI, or Amazon RDS API to share the encrypted snapshot with the other accounts."
upvoted 2 times
...