“Which combination of steps should the security engineer take in the incident account to complete the sharing operation?

By:
In: SCS-C01
Tagged:
With: 1 Comment
A company needs its Amazon Elastic Block Store (Amazon EBS) volumes to be encrypted at all times.During a security incident, a security engineer attempts to share a snapshot of a suspicious EBS volume to the company’s forensics account for analysis.The security engineer receives the following error:”Unable to share snapshot: An error occurred (OperationNotPermitted) when calling the ModifySnapshotAttribute operation: Encrypted snapshots with EBS default key cannot be shared.

“Which combination of steps should the security engineer take in the incident account to complete the sharing operation?

(Choose three.)

Create an AWS Key Management Service (AWS KMS) customer managed key. Copy the snapshot of the suspicious EBS volume. Encrypt the copy of the snapshot by using the new KMS key.

Allow principals in the forensics account to use the AWS Key Management Service (AWS KMS) customer managed key by modifying the key policy.

Launch an Amazon EC2 instance. Attach the encrypted and suspicious EBS volume. Copy the data from the suspicious EBS volume to an unencrypted EBS volume. Create a snapshot of the unencrypted EBS volume.

Copy the snapshot to the new decrypted snapshot.

Restore an EBS volume from the snapshot of the suspicious EBS volume. Create an unencrypted EBS volume of the same size.

Share the encrypted snapshot with the forensics account.

2025-10-14

1 Comment

  1. Bryan
    Author

    As I understand it, the answer is:
    Create an AWS Key Management Service (AWS KMS) customer managed key. Copy the snapshot of the suspicious EBS volume. Encrypt the copy of the snapshot by using the new KMS key.

Leave a Reply

Your email address will not be published. Required fields are marked *

two × 2 =