
Answer-first summary for fast verification
Answer: Create a new AWS account that has limited privileges. Allow the new account to access the KMS key that encrypts the EBS snapshots. Copy the encrypted snapshots to the new account on a recurring basis.
The correct answer is option C. The solution involves creating a new AWS account with limited privileges to mitigate the risk of the primary AWS account being compromised. By copying the encrypted EBS snapshots to this new account on a recurring basis and granting access to the KMS key to the new account, you ensure that you retain access to both the snapshots and the keys required to decrypt them. This strategy provides a robust disaster recovery solution, even if the primary AWS account is compromised and the original snapshots are deleted.
Author: LeetQuiz Editorial Team
A company has recently experienced a security incident necessitating the restoration of Amazon EC2 instances from encrypted EBS snapshots using an AWS KMS customer managed key. In response to a gap analysis of their disaster recovery procedures and backup strategies, a security engineer is tasked with implementing a solution to ensure the recovery of EC2 instances even if the AWS account is compromised and the EBS snapshots are deleted. Which solution should the engineer implement to meet this requirement?
A
Create a new Amazon S3 bucket. Use EBS lifecycle policies to move EBS snapshots to the new S3 bucket. Use lifecycle policies to move snapshots to the S3 Glacier Instant Retrieval storage class. Use S3 Object Lock to prevent deletion of the snapshots.
B
Use AWS Systems Manager to distribute a configuration that backs up all attached disks to Amazon S3.
C
Create a new AWS account that has limited privileges. Allow the new account to access the KMS key that encrypts the EBS snapshots. Copy the encrypted snapshots to the new account on a recurring basis.
D
Use AWS Backup to copy EBS snapshots to Amazon S3. Use S3 Object Lock to prevent deletion of the snapshots.
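The steps in option C, as an added example in Python (not part of the original question and not AWS's own code): the key-policy statement for the new account, a check that a key policy grants it, and the share and copy calls. Assumptions: the caller passes in boto3 EC2 clients for each account, all function names are hypothetical, and the copy is re-encrypted under a key owned by the new account so that it does not depend on the primary account's key surviving.

```python
# KMS actions the recovery account needs on the source key to copy a shared
# encrypted snapshot (the set AWS documents for sharing encrypted snapshots).
COPY_ACTIONS = ["kms:Decrypt", "kms:DescribeKey", "kms:CreateGrant",
                "kms:GenerateDataKey*", "kms:ReEncrypt*"]


def recovery_key_statement(recovery_account_id):
    """Key-policy statement to append to the source key's policy."""
    return {
        "Sid": "AllowRecoveryAccountSnapshotCopy",
        "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{recovery_account_id}:root"},
        "Action": list(COPY_ACTIONS),
        "Resource": "*",
    }


def missing_copy_actions(key_policy, recovery_account_id):
    """Return COPY_ACTIONS not yet allowed to the recovery account (literal match)."""
    principal = f"arn:aws:iam::{recovery_account_id}:root"
    allowed = set()
    for stmt in key_policy.get("Statement", []):
        principals = stmt.get("Principal", {})
        aws = principals.get("AWS", []) if isinstance(principals, dict) else []
        aws = [aws] if isinstance(aws, str) else aws
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if stmt.get("Effect") == "Allow" and principal in aws:
            allowed.update(actions)
    if "kms:*" in allowed:
        return []
    return [a for a in COPY_ACTIONS if a not in allowed]


def share_snapshot(source_ec2, snapshot_id, recovery_account_id):
    """Run in the primary account: let the recovery account read the snapshot."""
    source_ec2.modify_snapshot_attribute(
        SnapshotId=snapshot_id, Attribute="createVolumePermission",
        OperationType="add", UserIds=[recovery_account_id])


def copy_to_recovery(recovery_ec2, snapshot_id, region, recovery_key_arn):
    """Run in the recovery account: copy, re-encrypting under a key it owns (assumption)."""
    resp = recovery_ec2.copy_snapshot(
        SourceRegion=region, SourceSnapshotId=snapshot_id, Encrypted=True,
        KmsKeyId=recovery_key_arn, Description=f"recovery copy of {snapshot_id}")
    return resp["SnapshotId"]
```

Running `copy_to_recovery` on a schedule from the new account gives the recurring copy the answer calls for; `missing_copy_actions` can run beforehand to confirm the key policy still grants the access the copy needs.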