Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Amazon Exam SAA-C03 Topic 1 Question 32 Discussion

Actual exam question for Amazon's SAA-C03 exam
Question #: 32
Topic #: 1
[All SAA-C03 Questions]

A company website hosted on Amazon EC2 instances processes classified data stored in The application writes data to Amazon Elastic Block Store (Amazon EBS) volumes The company needs to ensure that all data that is written to the EBS volumes is encrypted at rest.

Which solution will meet this requirement?

Show Suggested Answer Hide Answer
Suggested Answer: B

The simplest and most effective way to ensure that all data that is written to the EBS volumes is encrypted at rest is to create the EBS volumes as encrypted volumes. You can do this by selecting the encryption option when you create a new EBS volume, or by copying an existing unencrypted volume to a new encrypted volume. You can also specify the AWS KMS key that you want to use for encryption, or use the default AWS-managed key. When you attach the encrypted EBS volumes to the EC2 instances, the data will be automatically encrypted and decrypted by the EC2 host. This solution does not require any additional IAM roles, tags, or policies.


Amazon EBS encryption

Creating an encrypted EBS volume

Encrypting an unencrypted EBS volume

by Devora at Apr 11, 2024, 10:16 AM

Limited Time Offer

25%

Off

Get Premium SAA-C03 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Bea
7 days ago
But what about the AWS KMS key policy? Doesn't that play a role in enforcing the encryption at the account level?
upvoted 0 times
...
Billy
7 days ago
Hold on, what about option D? Creating an AWS KMS key policy that enforces EBS encryption could be a good way to ensure encryption across the entire account, not just for these specific instances.
upvoted 0 times
...
Noemi
8 days ago
Yeah, that seems like the most straightforward approach. I'm not sure the other options would be as effective in meeting the requirement. Plus, option B is nice and simple - no need to mess around with IAM roles or KMS keys.
upvoted 0 times
...
Corazon
9 days ago
Yep, Wilson's got it. Creating the EBS volumes as encrypted volumes and then attaching them to the EC2 instances is the most straightforward solution. No need to mess around with IAM roles or custom tags.
upvoted 0 times
...
Casie
9 days ago
Haha, you know what they say - when in doubt, encrypt everything! But seriously, option D does seem like a solid choice. It's a bit more complex than option B, but it could provide better long-term protection.
upvoted 0 times
...
Narcisa
10 days ago
You know, that's a good point. That might be a more robust and scalable solution, especially if they have other resources that need to be encrypted as well. It's worth considering, for sure.
upvoted 0 times
...
Wilson
10 days ago
Okay, let's think this through. We need to encrypt the data at rest, so the EBS volumes need to be encrypted. That means option B is the way to go, right?
upvoted 0 times
...
Franchesca
11 days ago
Haha, yeah, I can already see someone suggesting we write a custom encryption algorithm just to show off their coding skills. Come on, people, let's keep it simple!
upvoted 0 times
...
Denae
13 days ago
I agree, Sherill. This seems like a straightforward question, but I'm sure some of the candidates will try to get creative and end up picking the wrong answer.
upvoted 0 times
...
Sherill
15 days ago
Oh man, this is a tricky one! Encrypting data at rest is crucial, especially when dealing with classified information. I wonder how many people are going to overthink this and come up with some convoluted solution.
upvoted 0 times
...

Save Cancel