AWS认证SAA-C03每日一题

V本题库由云计算狂魔微信公众号分享。
【SAA-C03助理级解决方案架构师认证】

A company recently signed a contract with an AWS Managed Service Provider (MSP) Partner for help with an application migration initiative. A solutions architect needs to share an Amazon Machine Image (AMI) from an existing AWS account with the MSP Partner's AWS account The AMI is backed by Amazon Elastic Block Store (Amazon EBS)and uses a customer managed customer master key (CMK) to encrypt EBS volume snapshots.
What is the MOST secure way for the solutions architect to share the AMI with the MSP Partner's AWS account?
A :   Make the encrypted AMI and snapshots publicly available Modify the CMKs key policy
to allow the MSP Partner's AWS account to use the key
B :   Modify the launch Permission property of the AMI Share the AMI with the MSP Partner's AWS account only. Modify the CMKs key policy to allow the MSP Partner's AWS account to use the key
C :   Modify the launch Permission property of the AMI. Share the AMI with the MSP Partner's  AWS account only. Modify the CMKs key policy to trust a new CMK that is owned by the MSP Partner for encryption.
D :   Export the AMl from the source account to an Amazon S3 bucket in theMSP Partner's AWS account.
Encrypt the S3 bucket with a CMK that is owned by the MSP Partner. Copy and launch the AMI in the MSP Partner's AWS account.