A company needs its Amazon Elastic Block Store (Amazon EBS) volumes to be encrypted at all times. During a security incident, EBS snapshots of suspicious instances are shared to a forensics account for analysis. A security engineer attempting to share a suspicious EBS snapshot to the forensics account receives the following error: "Unable to share snapshot. An error occurred (OperationNotPermitted) when calling the ModifySnapshotAttribute operation: Encrypted snapshots with EBS default key cannot be shared" Which combination of steps should the security engineer take in the incident account to complete the sharing operation? (Choose three.)
A) Create a customer managed CMK. Copy the EBS snapshot encrypting the destination snapshot using the new CMK.
B) Allow forensics accounting principals to use the CMK by modifying its policy.
C) Create an Amazon EC2 instance. Attach the encrypted and suspicious EBS volume. Copy data from the suspicious volume to an unencrypted volume. Snapshot the unencrypted volume.
D) Copy the EBS snapshot to the new decrypted snapshot.
E) Restore a volume from the suspicious EBS snapshot. Create an unencrypted EBS volume of the same size.
F) Share the target EBS snapshot with the forensics account.
Correct Answer:
Verified
Q276: A company is undergoing a layer 3
Q277: A large company has hundreds of AWS
Q278: A company has an IAM group. All
Q279: A company is hosting a web application
Q280: A company plans to create individual child
Q282: A security engineer must develop an encryption
Q283: A company has a serverless application for
Q284: A company's on-premises networks are connected to
Q285: A company stores images for a website
Q286: A development team is using an AWS
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents