Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Amazon Exam SAA-C03 Topic 1 Question 32 Discussion

Actual exam question for Amazon's SAA-C03 exam
Question #: 32
Topic #: 1
[All SAA-C03 Questions]

A company website hosted on Amazon EC2 instances processes classified data stored in The application writes data to Amazon Elastic Block Store (Amazon EBS) volumes The company needs to ensure that all data that is written to the EBS volumes is encrypted at rest.

Which solution will meet this requirement?

Show Suggested Answer Hide Answer
Suggested Answer: B

The simplest and most effective way to ensure that all data that is written to the EBS volumes is encrypted at rest is to create the EBS volumes as encrypted volumes. You can do this by selecting the encryption option when you create a new EBS volume, or by copying an existing unencrypted volume to a new encrypted volume. You can also specify the AWS KMS key that you want to use for encryption, or use the default AWS-managed key. When you attach the encrypted EBS volumes to the EC2 instances, the data will be automatically encrypted and decrypted by the EC2 host. This solution does not require any additional IAM roles, tags, or policies.


Amazon EBS encryption

Creating an encrypted EBS volume

Encrypting an unencrypted EBS volume

Contribute your Thoughts:

Odette
5 months ago
Thanks for the explanation, I think I understand now. I agree with you that D) seems like the best solution.
upvoted 0 times
...
Alverta
5 months ago
Of course, Creating a KMS key policy ensures encryption at the EBS level, providing a secure solution for data at rest.
upvoted 0 times
...
Gail
6 months ago
Sure, can you explain why you think D) is the correct answer?
upvoted 0 times
...
Odette
6 months ago
I'm not sure which one to choose. Can someone explain their rationale for their answer?
upvoted 0 times
...
Alverta
6 months ago
I disagree with you, I believe the correct answer is D) Create an AWS Key Management Service key policy that enforces EBS encryption.
upvoted 0 times
...
Gail
6 months ago
I think the answer is B) Create the EBS volumes as encrypted volumes Attach the EBS volumes to the EC2 instances.
upvoted 0 times
...
Elfriede
6 months ago
I think option D is the way to go. Creating a KMS key policy for encryption gives more control.
upvoted 0 times
...
Kiley
7 months ago
I agree with Clorinda. Option B seems like the most direct way to ensure encryption.
upvoted 0 times
...
Clorinda
7 months ago
I disagree, I believe option B is more straightforward.
upvoted 0 times
...
Ashleigh
7 months ago
I think option A is the best solution.
upvoted 0 times
...
Bea
8 months ago
But what about the AWS KMS key policy? Doesn't that play a role in enforcing the encryption at the account level?
upvoted 0 times
...
Billy
8 months ago
Hold on, what about option D? Creating an AWS KMS key policy that enforces EBS encryption could be a good way to ensure encryption across the entire account, not just for these specific instances.
upvoted 0 times
...
Noemi
8 months ago
Yeah, that seems like the most straightforward approach. I'm not sure the other options would be as effective in meeting the requirement. Plus, option B is nice and simple - no need to mess around with IAM roles or KMS keys.
upvoted 0 times
Gertude
7 months ago
Yeah, creating encrypted volumes and attaching them to the instances sounds like a secure solution.
upvoted 0 times
...
Murray
7 months ago
I think option B would be the best choice here.
upvoted 0 times
...
...
Corazon
8 months ago
Yep, Wilson's got it. Creating the EBS volumes as encrypted volumes and then attaching them to the EC2 instances is the most straightforward solution. No need to mess around with IAM roles or custom tags.
upvoted 0 times
...
Casie
8 months ago
Haha, you know what they say - when in doubt, encrypt everything! But seriously, option D does seem like a solid choice. It's a bit more complex than option B, but it could provide better long-term protection.
upvoted 0 times
saqib
8 months ago
You know, that's a good point. That might be a more robust and scalable solution, especially if they have other resources that need to be encrypted as well. It's worth considering, for sure.
upvoted 1 times
...
...
Narcisa
8 months ago
You know, that's a good point. That might be a more robust and scalable solution, especially if they have other resources that need to be encrypted as well. It's worth considering, for sure.
upvoted 0 times
...
Wilson
8 months ago
Okay, let's think this through. We need to encrypt the data at rest, so the EBS volumes need to be encrypted. That means option B is the way to go, right?
upvoted 0 times
...
Franchesca
8 months ago
Haha, yeah, I can already see someone suggesting we write a custom encryption algorithm just to show off their coding skills. Come on, people, let's keep it simple!
upvoted 0 times
...
Denae
8 months ago
I agree, Sherill. This seems like a straightforward question, but I'm sure some of the candidates will try to get creative and end up picking the wrong answer.
upvoted 0 times
...
Sherill
8 months ago
Oh man, this is a tricky one! Encrypting data at rest is crucial, especially when dealing with classified information. I wonder how many people are going to overthink this and come up with some convoluted solution.
upvoted 0 times
Ashlee
8 months ago
D) Create an AWS Key Management Service (AWS KMS) key policy that enforces EBS encryption in the account Ensure that the key policy is active
upvoted 0 times
...
Domitila
8 months ago
A) Create an IAM role that specifies EBS encryption Attach the role to the EC2 instances
upvoted 0 times
...
Rosenda
8 months ago
B) Create the EBS volumes as encrypted volumes Attach the EBS volumes to the EC2 instances
upvoted 0 times
...
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77