Q32 — AWS SAA-C03 Ch.5

Question 32 of 65 | ← Chapter 5

Q332. A company wants to share forensic accounting data is stored in an Amazon RDS DB instance with an external auditor. The Auditor has its own AWS account and requires its own copy of the database. How should the company securely share the database with the auditor?

Correct Answer: D. Make an encrypted snapshot of the database, share the snapshot, and allow access to the AWS Key Management Service (AWS KMS) encryption key.

Explanation

To securely share a copy of the Amazon RDS DB instance with an external auditor who has its own AWS account, making an encrypted snapshot of the database is the most appropriate option. This will ensure that the data is encrypted in transit and at rest. The encrypted snapshot can be shared with the external auditor, and access can be granted to the AWS Key Management Service (KMS) encryption key used to encrypt the snapshot. This way, the auditor can restore the snapshot to an RDS DB instance in their own AWS account, and use the KMS key to decrypt the data.