Which steps should be taken in the AWS Management Console to meet the disaster recovery requirements?
Create a new KMS customer master key in the source Region. Switch to the destination Region, enable Amazon Redshift cross-Region snapshots, and use the KMS key of the source Region.
Create a new IAM role with access to the KMS key. Enable Amazon Redshift cross-Region replication using the new IAM role, and use the KMS key of the source Region.
Enable Amazon Redshift cross-Region snapshots in the source Region, and create a snapshot copy grant and use a KMS key in the destination Region.
Create a new KMS customer master key in the destination Region and create a new IAM role with access to the new KMS key. Enable Amazon Redshift cross-Region replication in the source Region and use the KMS key of the destination Region.
Explanations:
You cannot use the KMS key from the source Region when enabling cross-Region snapshots; you need a KMS key in the destination Region to encrypt the snapshots.
While creating a new IAM role with access to the KMS key is necessary, you still cannot use the KMS key from the source Region for cross-Region snapshots; it must be a KMS key from the destination Region.
This option correctly identifies that you need to enable cross-Region snapshots and create a snapshot copy grant using a KMS key in the destination Region to meet disaster recovery requirements.
Although creating a new KMS key in the destination Region is correct, the IAM role is not sufficient by itself to enable cross-Region replication without a proper setup for snapshot copy grants.
As I recall, the answer is:
Enable Amazon Redshift cross-Region snapshots in the source Region, and create a snapshot copy grant and use a KMS key in the destination Region.