Which combination of actions must the application development team take to meet these requirements?

By:
On:
In: DBS-C01
Tagged:
With: 0 Comments
A company’s application development team wants to share an automated snapshot of its Amazon RDS database with another team.The database is encrypted with a custom AWS Key Management Service (AWS KMS) key under the “WeShare” AWS account.The application development team needs to share the DB snapshot under the “WeReceive” AWS account.

Which combination of actions must the application development team take to meet these requirements?

(Choose two.)

Add access from the “WeReceive” account to the custom AWS KMS key policy of the sharing team.

Make a copy of the DB snapshot, and set the encryption option to disable.

Share the DB snapshot by setting the DB snapshot visibility option to public.

Make a copy of the DB snapshot, and set the encryption option to enable.

Share the DB snapshot by using the default AWS KMS encryption key.

Explanations:

The application development team must update the custom AWS KMS key policy to allow access from the “WeReceive” account to ensure it can access and use the encrypted DB snapshot.

Disabling encryption would make the snapshot unencrypted, which does not meet the requirement of sharing an encrypted snapshot.

Setting the DB snapshot visibility to public is not required. The issue is with sharing the encrypted snapshot, not making it public.

Making a copy of the DB snapshot and setting the encryption option to enable ensures the snapshot remains encrypted, and the copy can be shared with the “WeReceive” account under the correct encryption settings.

Using the default AWS KMS encryption key would not work because the custom key from the “WeShare” account must be used for encryption, not the default AWS KMS key.

Leave a Reply

Your email address will not be published. Required fields are marked *

1 × 1 =