AWS Certified Big Data – Specialty — Question 6
An Amazon Redshift database is encrypted using KMS. A data engineer needs to use the AWS CLI to create a KMS-encrypted snapshot of the database in another AWS region.
Which three steps should the data engineer take to accomplish this task? (Choose three.)
Answer options
- A. Create a new KMS key in the destination region.
- B. Copy the existing KMS key to the destination region.
- C. Use CreateSnapshotCopyGrant to allow Amazon Redshift to use the KMS key from the source region.
- D. In the source region, enable cross-region replication and specify the name of the copy grant created.
- E. In the destination region, enable cross-region replication and specify the name of the copy grant created.
Correct answer: A, B, D
Explanation
The correct actions involve creating a new KMS key in the destination region (A); copying the existing KMS key (B) does not apply, since KMS keys cannot be transferred; and enabling cross-region replication in the source region (D) is necessary for the snapshot process. Options C and E are not required for this task, as they pertain to granting permissions and to actions specific to the destination region, respectively.