With MEW, you have two options for accessing your wallet to sign transactions.

• Use the plaintext private key
• Use a combination of the UTC file + password

It's really up to you where/how you store the password and UTC file. In the guide I recommend storing both along with the private key all in the keepass database so that there's less to memorize and keep up with (which doesn't add to the security of a doubly encrypted system anyway).

As far as using keepass, you use the keyfile (stored on a separate USB) and the master password to access the database. From there, I would just use the stored private key to unlock the wallet in MEW to sign the offline transaction. Otherwise you need to download the UTC file from keepass and drop that into the Tor persistent directory (so that MEW can see it) and also copy the password from keepass.

The actual keepass database should be stored in the persistent volume of Tails. You can make redundant backups of it anywhere though, as long as it's separate from the keepass keyfile and/or master password if you are choosing to store that somewhere.