Multiple Choice
A company needs its Amazon Elastic Block Store (Amazon EBS) volumes to be encrypted at all times. During a security incident, EBS snapshots of suspicious instances are shared to a forensics account for analysis. A security engineer attempting to share a suspicious EBS snapshot to the forensics account receives the following error: "Unable to share snapshot. An error occurred (OperationNotPermitted) when calling the ModifySnapshotAttribute operation: Encrypted snapshots with EBS default key cannot be shared" Which combination of steps should the security engineer take in the incident account to complete the sharing operation? (Choose three.)
A) Create a customer managed CMK. Copy the EBS snapshot encrypting the destination snapshot using the new CMK.
B) Allow forensics accounting principals to use the CMK by modifying its policy.
C) Create an Amazon EC2 instance. Attach the encrypted and suspicious EBS volume. Copy data from the suspicious volume to an unencrypted volume. Snapshot the unencrypted volume.
D) Copy the EBS snapshot to the new decrypted snapshot.
E) Restore a volume from the suspicious EBS snapshot. Create an unencrypted EBS volume of the same size.
F) Share the target EBS snapshot with the forensics account.
Correct Answer:
Verified
Correct Answer:
Verified
Q89: A company website runs on Amazon EC2
Q90: A company's Information Security team wants to
Q91: A company uses AWS CodePipeline for its
Q92: A company is running an application on
Q93: A company is designing the security architecture
Q95: A company became aware that one of
Q96: A Security Engineer has created an Amazon
Q97: A company is developing a highly resilient
Q98: An AWS account includes two S3 buckets:
Q99: Auditors for a health care company have