ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Big Data - Specialty All Questions

View all questions & answers for the AWS Certified Big Data - Specialty exam
Go to Exam

Exam AWS Certified Big Data - Specialty topic 1 question 36 discussion

Exam question from Amazon's AWS Certified Big Data - Specialty
Question #: 36
Topic #: 1
[All AWS Certified Big Data - Specialty Questions]

An Amazon Redshift Database is encrypted using KMS. A data engineer needs to use the AWS CLI to create a KMS encrypted snapshot of the database in another AWS region.
Which three steps should the data engineer take to accomplish this task? (Choose three.)

  • A. Create a new KMS key in the destination region.
  • B. Copy the existing KMS key to the destination region.
  • C. Use CreateSnapshotCopyGrant to allow Amazon Redshift to use the KMS key from the source region.
  • D. In the source region, enable cross-region replication and specify the name of the copy grant created.
  • E. In the destination region, enable cross-region replication and specify the name of the copy grant created.
Show Suggested Answer Hide Answer
Suggested Answer: ABD 🗳️
Reference: https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-db-encryption.html#working-with- aws-kms
by jlpl at Aug. 8, 2019, 1:21 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Magicroko
3 years, 5 months ago
Question 66 is the same
upvoted 1 times
...
yogesh88
3 years, 5 months ago
ACD is correct. Direct question from https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-db-encryption.html#working-with-aws-kms
upvoted 1 times
...
san2020
3 years, 6 months ago
my selection ACD
upvoted 2 times
...
ME2000
3 years, 6 months ago
Here one option is missing C. Use CreateSnapshotCopyGrant to allow Amazon Redshift to use the KMS key from the destination region. (Correct) https://chercher.tech/aws-certification/aws-certified-big-data-speciality-practice-exams-set-1 find here step by step AWS Redshift cross-region copy snapshot through the console (Question ask for CLI but both has same steps) https://www.youtube.com/watch?v=9DepoiBOe6o
upvoted 2 times
...
michelleY
3 years, 6 months ago
i think ACD.
upvoted 1 times
...
cert_learner
3 years, 6 months ago
Before the snapshot is copied to the destination AWS Region, Amazon Redshift decrypts the snapshot using the master key in the source AWS Region and re-encrypts it temporarily using a randomly generated RSA key that Amazon Redshift manages internally. Amazon Redshift then copies the snapshot over a secure channel to the destination AWS Region, decrypts the snapshot using the internally managed RSA key, and then re-encrypts the snapshot using the master key in the destination AWS Region.
upvoted 3 times
...
Raju_k
3 years, 6 months ago
I would choose ACD though C is not accurate answer as suggested by Mattyb123
upvoted 2 times
...
samiraninside
3 years, 6 months ago
I agree with ACD.there was one more option as below. though that is wrong option. Use CreateSnapshotCopyGrant to allow Amazon Redshift to use the KMS key from the source region.
upvoted 2 times
...
cybe001
3 years, 6 months ago
ACD is correct
upvoted 1 times
...
pra276
3 years, 6 months ago
C option should be like Use CreateSnapshotCopyGrant to allow Amazon Redshift to use the KMS key created in the destination region NOT source region
upvoted 3 times
antoneti
3 years, 6 months ago
why destination? the cross-region replica is made from the source so the source is the one to have access to the KMS created
upvoted 1 times
Soona_Paana
3 years, 5 months ago
If you want to enable cross-Region snapshot copy for an AWS KMS–encrypted cluster, you must configure a snapshot copy grant for a master key in the destination AWS Region. By doing this, you enable Amazon Redshift to perform encryption operations in the destination AWS Region Link: https://docs.aws.amazon.com/redshift/latest/mgmt/managing-snapshots-console.html#xregioncopy-kms-encrypted-snapshot
upvoted 1 times
...
...
mattyb123
3 years, 6 months ago
Same question is on page 14. https://www.examtopics.com/exams/amazon/aws-certified-big-data-specialty/view/14/ ADF is correct answer. as F includes Use CreateSnapshotCopyGrant to allow Amazon Redshift to use the KMS key created in the destination region
upvoted 2 times
...
...
Jialu
3 years, 7 months ago
ACD is the correct answer
upvoted 2 times
pra276
3 years, 7 months ago
ACD is correct
upvoted 1 times
...
...
mattyb123
3 years, 7 months ago
Agreed ACD.
upvoted 2 times
mattyb123
3 years, 7 months ago
https://docs.amazonaws.cn/en_us/redshift/latest/mgmt/working-with-db-encryption.html#configure-snapshot-copy-grant
upvoted 1 times
...
...
jlpl
3 years, 7 months ago
acd ? anyone?
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago