A company always needs its Amazon Elastic Block Store (Amazon EBS) volumes to be encrypted During a security incident. EBS snapshots of suspicious instances are shared to a forensics account for analysis A security engineer attempting to share a suspicious EBS snapshot to the forensics account receives the following error "Unable to share snapshot: An error occurred (OperationNotPermitted) when calling the ModifySnapshotAttribute operation: Encrypted snapshots with EBS default key cannot be shared.
Which combination of steps should the security engineer take in the incident account to complete the sharing operation? (Select THREE)
A . Create a customer managed CMK Copy the EBS snapshot encrypting the destination snapshot using the new CM
C . Allow forensics accounting principals to use the CMK by modifying its policy.
D . Create an Amazon EC2 instance. Attach the encrypted and suspicious EBS volume. Copy data from the suspicious volume to an unencrypted volume. Snapshot the unencrypted volume
E . Copy the EBS snapshot to the new decrypted snapshot
F . Restore a volume from the suspicious EBS snapshot. Create an unencrypted EBS volume of the same size.
G . Share the target EBS snapshot with the forensics account.
Answer: A,B
Leave a Reply