How should the administrator implement this process?

A SysOps administrator is building a process for sharing Amazon RDS database snapshots between different accounts associated with different business units within the same company. All data must be encrypted at rest.

How should the administrator implement this process?
A . Write a script to download the encrypted snapshot, decrypt it using the AWS KMS encryption key used to encrypt the snapshot, then create a new volume in each account.
B . Update the key policy to grant permission to the AWS KMS encryption key used to encrypt the snapshot with all relevant accounts, then share the snapshot with those accounts.
C . Create an Amazon EC2 instance based on the snapshot, then save the instance’s Amazon EBS volume as a snapshot and share it with the other accounts. Require each account owner to create a new volume from that snapshot and encrypt it.
D . Create a new unencrypted RDS instance from the encrypted snapshot, connect to the instance using SSH/RDP. export the database contents into a file, then share this file with the other accounts.

Answer: B

Explanation:

To share Amazon RDS database snapshots between different accounts while ensuring all data is encrypted at rest, follow these steps:

Update the KMS Key Policy:

Navigate to the AWS KMS console.

Select the KMS key used to encrypt the RDS snapshots.

Update the key policy to grant the relevant AWS accounts permission to use the key.

Reference: Key policies in AWS KMS

Share the RDS Snapshot:

Navigate to the RDS console.

Select the snapshot you want to share and choose the "Share Snapshot" option.

Specify the AWS account IDs with which you want to share the snapshot.

Reference: Sharing a DB Snapshot

Access the Shared Snapshot in Target Accounts:

In the target AWS accounts, navigate to the RDS console.

Locate the shared snapshot under the "Snapshots" section.

Use the snapshot to create a new encrypted RDS instance in the target accounts.

By updating the key policy and sharing the snapshot, you ensure the encrypted data is securely accessible across different accounts within the organization.

Latest SOA-C02 Dumps Valid Version with 54 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments