New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Amazon SAP-C02 Exam - Topic 11 Question 28 Discussion

Actual exam question for Amazon's SAP-C02 exam
Question #: 28
Topic #: 11
[All SAP-C02 Questions]

A company's compliance audit reveals that some Amazon Elastic Block Store (Amazon EBS) volumes that were created in an AWS account were not encrypted. A solutions architect must Implement a solution to encrypt all new EBS volumes at rest

Which solution will meet this requirement with the LEAST effort?

Show Suggested Answer Hide Answer
Suggested Answer: D

The most effortless way to ensure that all new Amazon Elastic Block Store (EBS) volumes are encrypted at rest is to enable EBS encryption by default in all AWS Regions. This setting automatically encrypts all new EBS volumes and snapshots created in the account, thereby ensuring compliance with encryption policies without the need for manual intervention or additional monitoring.


by Scarlet at Apr 24, 2024, 10:38 PM

Limited Time Offer

25%

Off

Get Premium SAP-C02 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Lorrie
3 months ago
I’m not sure about B, does it really handle encryption automatically?
upvoted 0 times
...
Barabara
3 months ago
Definitely agree with D, it’s a no-brainer for compliance.
upvoted 0 times
...
Erick
3 months ago
Wait, can you really just delete unencrypted volumes? Sounds risky!
upvoted 0 times
...
Ciara
4 months ago
I think C is more flexible, though.
upvoted 0 times
...
Lemuel
4 months ago
D is the easiest way to ensure all new volumes are encrypted!
upvoted 0 times
...
Verdell
4 months ago
I vaguely recall that AWS Audit Manager is more about auditing than enforcing encryption, so it might not be the right choice here.
upvoted 0 times
...
Tamesha
4 months ago
I practiced a similar question where we had to enforce compliance, and I feel like the EventBridge and Lambda option could be overkill for just new volumes.
upvoted 0 times
...
Lilli
4 months ago
I'm not entirely sure, but I think using AWS Config might be more complex than just setting a default.
upvoted 0 times
...
Carma
5 months ago
I remember studying about EBS encryption, and I think enabling encryption by default is the simplest way to ensure all new volumes are encrypted.
upvoted 0 times
...
Dorian
5 months ago
I like the idea of using AWS Config and Systems Manager Automation (option C) to automate the encryption process. That seems like it would be the most efficient and least effort solution, as long as the automation is set up correctly.
upvoted 0 times
...
Giuseppe
5 months ago
Option D seems like the easiest solution, just turning on EBS encryption by default in all regions. But I'm not sure if that would address the existing unencrypted volumes, so I might need to look into the other options as well.
upvoted 0 times
...
Gerald
5 months ago
Hmm, I'm a bit unsure about this one. The question is asking for the solution with the least effort, so I'm not sure if deleting the volumes and then recreating them encrypted (option A) is the best approach. I'll need to think this through a bit more.
upvoted 0 times
...
Bronwyn
5 months ago
This looks like a straightforward question about encrypting EBS volumes. I think option C is the best solution, as it uses AWS Config to detect new unencrypted volumes and then automates the encryption process using AWS Systems Manager.
upvoted 0 times
...
Sabrina
5 months ago
Hmm, I'm a bit unsure about this one. I'm trying to remember if there are any other options besides IAM credentials that CSPM could use. I'll have to think this through carefully.
upvoted 0 times
...
Lachelle
5 months ago
I've got a strategy for this. I'll eliminate the options that don't directly address the bottleneck, then choose the best one.
upvoted 0 times
...
Mauricio
5 months ago
The S-PMSI A-D route... I remember learning about that in class, but the details are a bit fuzzy. I'll give it my best shot.
upvoted 0 times
...
Caitlin
5 months ago
Hmm, this looks like a tricky one. I'll need to think carefully about the different mail policy features and which ones apply to both incoming and outgoing mail.
upvoted 0 times
...
Christene
2 years ago
I see the benefits of option C for automation, but option D does seem like a straightforward choice.
upvoted 0 times
...
Eleonora
2 years ago
That's a good point User4, option D would definitely be the least effort.
upvoted 0 times
...
Adelina
2 years ago
I believe option D is the simplest solution, just turning on encryption by default.
upvoted 0 times
...
Merlyn
2 years ago
I agree with User2, option C would require less manual effort.
upvoted 0 times
...
Brinda
2 years ago
But option C seems like a more automated approach.
upvoted 0 times
...
Christene
2 years ago
I think option A is the best solution.
upvoted 0 times
...
Anglea
2 years ago
What about using AWS Config rule to encrypt new EBS volumes using AWS Systems Manager Automation?
upvoted 0 times
...
Isabella
2 years ago
I disagree, I believe the most efficient solution is to turn on EBS encryption by default in all AWS Regions.
upvoted 0 times
Marti
2 years ago
We should consider the effort required and the effectiveness of each solution before making a decision.
upvoted 0 times
...
Janine
2 years ago
Implementing encryption by default in all Regions may be the most straightforward solution but not necessarily the most efficient one.
upvoted 0 times
...
Lindsey
2 years ago
Using AWS Audit Manager with data encryption could also be a good option for ensuring compliance.
upvoted 0 times
...
Lorean
2 years ago
I still believe creating an Amazon EventBridge rule to delete noncompliant volumes is the simplest solution.
upvoted 0 times
...
Jesus
2 years ago
That's a good point, but using AWS Config rule to detect creation of new EBS volumes and encrypting them with AWS Systems Manager Automation could be more efficient.
upvoted 0 times
...
Gearldine
2 years ago
I think the best option is to turn on EBS encryption by default in all AWS Regions.
upvoted 0 times
...
...
Leonida
2 years ago
I think the best solution is to create an Amazon EventBridge rule and invoke a Lambda function to delete noncompliant volumes.
upvoted 0 times
...

Save Cancel