Q32 — AWS SAA-C03 Ch.5
Q332. A company wants to share forensic accounting data that is stored in an Amazon RDS DB instance with an external auditor. The auditor has its own AWS account and requires its own copy of the database. How should the company securely share the database with the auditor?
- A. Create a read replica of the database and configure IAM standard database authentication to grant the auditor access.
- B. Copy a snapshot of the database to Amazon S3 and assign an IAM role to the auditor to grant access to the object in that bucket.
- C. Export the database contents to text files, store the files in Amazon S3, and create a new IAM user for the auditor with access to that bucket.
- D. Make an encrypted snapshot of the database, share the snapshot, and allow access to the AWS Key Management Service (AWS KMS) encryption key. ✓
Correct Answer: D. Make an encrypted snapshot of the database, share the snapshot, and allow access to the AWS Key Management Service (AWS KMS) encryption key.
Explanation
To securely share a copy of the Amazon RDS DB instance with an external auditor who has its own AWS account, making an encrypted snapshot of the database is the most appropriate option. This will ensure that the data is encrypted in transit and at rest. The encrypted snapshot can be shared with the external auditor, and access can be granted to the AWS Key Management Service (KMS) encryption key used to encrypt the snapshot. This way, the auditor can restore the snapshot to an RDS DB instance in their own AWS account, and use the KMS key to decrypt the data.