🔥 3-day streak
AWS Certified Security - Specialty89 / 157
Question 89 of 157
During an active incident, a security engineer must preserve an EBS volume from a compromised EC2 instance for later forensic analysis in a dedicated forensics account. The forensics account uses a customer-managed KMS key to encrypt all evidence. The source volume is encrypted with a different customer-managed KMS key in the production account. The engineer creates a snapshot of the volume and attempts to share it directly with the forensics account, but the account cannot access it. What is the correct sequence to make the encrypted evidence usable in the forensics account while maintaining chain of custody?
Reviewed for accuracy · Report an issueNext question