AWS Certified Security – Specialty SCS-C01 – Question271

A company needs its Amazon Elastic Block Store (Amazon EBS) volumes to be encrypted at all times.
During a security incident, EBS snapshots of suspicious instances are shared to a forensics account for analysis. A security engineer attempting to share a suspicious EBS snapshot to the forensics account receives the following error:
"Unable to share snapshot. An error occurred (OperationNotPermitted) when calling the ModifySnapshotAttribute operation: Encrypted snapshots with EBS default key cannot be shared"
Which combination of steps should the security engineer take in the incident account to complete the sharing operation? (Choose three.)

A.
Create a customer managed CMK. Copy the EBS snapshot encrypting the destination snapshot using the new CMK.
B. Allow forensics accounting principals to use the CMK by modifying its policy.
C. Create an Amazon EC2 instance. Attach the encrypted and suspicious EBS volume. Copy data from the suspicious volume to an unencrypted volume. Snapshot the unencrypted volume.
D. Copy the EBS snapshot to the new decrypted snapshot.
E. Restore a volume from the suspicious EBS snapshot. Create an unencrypted EBS volume of the same size.
F. Share the target EBS snapshot with the forensics account.

Correct Answer: CDE