Exam AWS Certified SAP on AWS - Specialty PAS-C01 topic 1 question 119 discussion

A company is planning to implement a new SAP workload on SUSE Linux Enterprise Server on AWS. The company needs to use AWS Key Management Service (AWS KMS) to encrypt every file at rest. The company also requires that its production SAP workloads and non-production SAP workloads are separated into different AWS accounts.

The production account and the non-production account share a common SAP transport directory, /usr/sap/trans. The two accounts are connected by VPC peering.

What should the company do to achieve the data encryption at rest for the new SAP workload?

  • A. Create an asymmetric KMS customer managed key in the production account. Create Amazon Elastic Block Store (Amazon EBS) and Amazon Elastic File System (Amazon EFS) storage for all root and SAP data. Implement encryption that uses the KMS key. Share the EFS file system from the production account with the non-production account. Import the KMS key into the non-production account to allow the production systems to access the SAP transport directory.
  • B. Create a symmetric KMS customer managed key in the production account. Create Amazon Elastic Block Store (Amazon EBS) and Amazon Elastic File System (Amazon EFS) storage for all root and SAP data. Implement encryption that uses the KMS key. Share the EFS file system from the production account with the non-production account. Create an IAM role in the non-production account and a key policy for the KMS key in the production account to allow the non-production systems to access the SAP transport directory.
  • C. Create a symmetric KMS customer managed key in the production account. Create Amazon Elastic Block Store (Amazon EBS) and Amazon Elastic File System (Amazon EFS) storage for all root and SAP data. Implement encryption that uses the KMS key. Share the EFS file system from the production account with the non-production account. Create an IAM role in the production account and a key policy for the KMS key in the production account to allow the non-production systems to access the SAP transport directory.
  • D. Create an asymmetric KMS customer managed key in the production account. Create Amazon Elastic Block Store (Amazon EBS) and Amazon Elastic File System (Amazon EFS) storage for all root and SAP data. Implement encryption that uses the KMS key. Share the EFS file system from the production account with the non-production account. Create an IAM role in the non-production account and a key policy for the KMS key in the production account to allow the non-production systems to access the SAP transport directory.
Suggested Answer: B 🗳️

Comments

koki2847
1 year, 1 month ago
Selected Answer: B
B is the answer. "Cross-account access requires permission in the key policy of the KMS key and in an IAM policy in the external user's account." https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-modifying-external-accounts.html
upvoted 1 times
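
The two-sided rule quoted in the comment above, as an added example that is not part of the thread or of AWS documentation: a simplified Python model in which a cross-account KMS call succeeds only when the key policy in the production account and the IAM policy in the non-production account both allow it. The account IDs, region, role name `SapTransportRole` and key ID are constructed placeholders, and the evaluator ignores Deny statements and conditions.

```python
# Added illustration: simplified model of cross-account KMS authorization.
# Account IDs, region, role name and key ID are constructed placeholders.
from fnmatch import fnmatchcase

PROD, NONPROD = "111111111111", "222222222222"
KEY_ARN = f"arn:aws:kms:eu-west-1:{PROD}:key/EXAMPLE-KEY-ID"
ROLE_ARN = f"arn:aws:iam::{NONPROD}:role/SapTransportRole"
ACTIONS = ["kms:Encrypt", "kms:Decrypt", "kms:ReEncrypt*",
           "kms:GenerateDataKey*", "kms:DescribeKey"]

# Key policy statement on the KMS key in the production account.
KEY_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "AllowNonProdRole", "Effect": "Allow",
    "Principal": {"AWS": ROLE_ARN}, "Action": ACTIONS, "Resource": "*"}]}

# Identity policy attached to the role in the non-production account.
ROLE_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": ACTIONS, "Resource": KEY_ARN}]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _allows(policy, action, resource, principal=None):
    """True if an Allow statement matches (Deny and conditions not modeled)."""
    for st in _as_list(policy.get("Statement", [])):
        if st.get("Effect") != "Allow":
            continue
        if principal is not None:
            # A key policy may name the role itself or the role's account root.
            account_root = f"arn:aws:iam::{principal.split(':')[4]}:root"
            named = _as_list(st.get("Principal", {}).get("AWS", []))
            if principal not in named and account_root not in named:
                continue
        if (any(fnmatchcase(action, a) for a in _as_list(st["Action"]))
                and any(fnmatchcase(resource, r) for r in _as_list(st["Resource"]))):
            return True
    return False

def cross_account_allowed(key_policy, identity_policy, principal, action, key_arn):
    """Both sides must allow: the key policy AND the caller's IAM policy."""
    return (_allows(key_policy, action, key_arn, principal)
            and _allows(identity_policy, action, key_arn))
```

Removing either policy makes `cross_account_allowed` return `False`, which is the failure mode to check for first when a non-production host cannot use the production key.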
confusedyeti69
1 year, 1 month ago
Selected Answer: B
It's B.
upvoted 2 times
awsmonster
1 year, 2 months ago
Agree with geoakes
upvoted 1 times
geoakes
1 year, 3 months ago
C: https://docs.aws.amazon.com/efs/latest/ug/managing-encrypt.html
upvoted 3 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other