SAA-C03 · Question #676
SAA-C03 Question #676: Real Exam Question with Answer & Explanation
The correct answer is B: Modify the launchPermission property of the AMI.. Share the existing KMS key with the MSP external account because it has already been used to encrypt the AMI snapshot. https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-modifying-external-
Question
A company recently signed a contract with an AWS Managed Service Provider (MSP) Partner for help with an application migration initiative. A solutions architect needs to share an Amazon Machine Image (AMI) from an existing AWS account with the MSP Partner's AWS account. The AMI is backed by Amazon Elastic Block Store (Amazon EBS) and uses a customer managed customer master key (CMK) to encrypt EBS volume snapshots. What is the MOST secure way for the solutions architect to share the AMI with the MSP Partner's AWS account?
Options
- AMake the encrypted AMI and snapshots publicly available.
- BModify the launchPermission property of the AMI.
- CModify the launchPermission property of the AMI.
- DExport the AMI from the source account to an Amazon S3 bucket in the MSP Partner's AWS
Explanation
Share the existing KMS key with the MSP external account because it has already been used to encrypt the AMI snapshot. https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-modifying-external-
Community Discussion
No community discussion yet for this question.