A company has recently experienced a security incident necessitating the restoration of Amazon EC2 instances from encrypted EBS snapshots using an AWS KMS customer managed key. In response to a gap analysis of their disaster recovery procedures and backup strategies, a security engineer is tasked with implementing a solution to ensure the recovery of EC2 instances even if the AWS account is compromised and the EBS snapshots are deleted. Which solution should the engineer implement to meet this requirement?

Exam-Like

Create a new Amazon S3 bucket. Use EBS lifecycle policies to move EBS snapshots to the new S3 bucket. Use lifecycle policies to move snapshots to the S3 Glacier Instant Retrieval storage class. Use S3 Object Lock to prevent deletion of the snapshots.

25.0%

Use AWS Systems Manager to distribute a configuration that backs up all attached disks to Amazon S3.

0.0%

Create a new AWS account that has limited privileges. Allow the new account to access the KMS key that encrypts the EBS snapshots. Copy the encrypted snapshots to the new account on a recurring basis.

50.0%

Use AWS Backup to copy EBS snapshots to Amazon S3. Use S3 Object Lock to prevent deletion of the snapshots.

25.0%

AWS Certified Security - Specialty

Get started today

Comments