A company must share accounting data with an external auditor. The data is stored in an Amazon RDS DB instance in a private subnet. The auditor has its own AWS account and requires its own copy of the database. What is the MOST secure way to share the database with the auditor?
Choose an answer
Tap an option to check your answer.
Correct answer: Create an encrypted snapshot of the database. Share the snapshot with the auditor. Allow access to the AWS Key Management Service (AWS KMS) encryption key..
Why this is the answer
Creating an encrypted snapshot and sharing it with the auditor's AWS account is the most secure method. This allows the auditor to restore the database into their own AWS environment, maintaining data integrity and isolation. Granting access to the AWS KMS key used for encryption ensures the auditor can decrypt and use the snapshot. Creating a read replica would expose the production database to the auditor's access, which is less secure and doesn't provide an independent copy. Exporting to text files is inefficient for large databases, prone to errors, and less secure than a snapshot. Copying a snapshot to S3 and sharing IAM user keys is insecure because sharing keys is a security anti-pattern and doesn't directly provide a database copy for restoration.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed