Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 438 discussion

The most secure way for the company to share the database with the auditor is option D: Create an encrypted snapshot of the database, share the snapshot with the auditor, and allow access to the AWS Key Management Service (AWS KMS) encryption key. By creating an encrypted snapshot, the company ensures that the database data is protected at rest. Sharing the encrypted snapshot with the auditor allows them to have their own copy of the database securely. In addition, granting access to the AWS KMS encryption key ensures that the auditor has the necessary permissions to decrypt and access the encrypted snapshot. This allows the auditor to restore the snapshot and access the data securely. This approach provides both data protection and access control, ensuring that the database is securely shared with the auditor while maintaining the confidentiality and integrity of the data.

why not A ?

Encrypted snapshot must be most secure compare others

https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ShareSnapshot.html With AWS RDS, you can share snapshots across accounts so no need to go through S3 or replication. Option D allows more secure way by using encryption and sharing encryption key.

MOST secure way

Key word: "Secure way" The snapshot contents are encrypted using KMS keys for data security. Sharing the snapshot directly removes risks of extracting/transferring data. The auditor can restore the snapshot into their own RDS instance. Access is controlled through sharing the encrypted snapshot and KMS key.

Most likely D.

Option D (Creating an encrypted snapshot of the database, sharing the snapshot, and allowing access to the AWS Key Management Service encryption key) is generally considered a better option for sharing the database with the auditor in terms of security and control.

D for me