Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location PL
Mob_nav_barsMENU

Amazon Exam SAA-C03 Topic 1 Question 32 Discussion

Actual exam question for Amazon's SAA-C03 exam
Question #: 32
Topic #: 1
[All SAA-C03 Questions]

A company website hosted on Amazon EC2 instances processes classified data stored in The application writes data to Amazon Elastic Block Store (Amazon EBS) volumes The company needs to ensure that all data that is written to the EBS volumes is encrypted at rest.

Which solution will meet this requirement?

Show Suggested Answer Hide Answer
Suggested Answer: B

The simplest and most effective way to ensure that all data that is written to the EBS volumes is encrypted at rest is to create the EBS volumes as encrypted volumes. You can do this by selecting the encryption option when you create a new EBS volume, or by copying an existing unencrypted volume to a new encrypted volume. You can also specify the AWS KMS key that you want to use for encryption, or use the default AWS-managed key. When you attach the encrypted EBS volumes to the EC2 instances, the data will be automatically encrypted and decrypted by the EC2 host. This solution does not require any additional IAM roles, tags, or policies.


Amazon EBS encryption

Creating an encrypted EBS volume

Encrypting an unencrypted EBS volume

by Devora at Apr 11, 2024, 10:16 AM

Limited Time Offer

25%

Off

Get Premium SAA-C03 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Odette
10 months ago
Thanks for the explanation, I think I understand now. I agree with you that D) seems like the best solution.
upvoted 0 times
...
Alverta
10 months ago
Of course, Creating a KMS key policy ensures encryption at the EBS level, providing a secure solution for data at rest.
upvoted 0 times
...
Gail
10 months ago
Sure, can you explain why you think D) is the correct answer?
upvoted 0 times
...
Odette
11 months ago
I'm not sure which one to choose. Can someone explain their rationale for their answer?
upvoted 0 times
...
Alverta
11 months ago
I disagree with you, I believe the correct answer is D) Create an AWS Key Management Service key policy that enforces EBS encryption.
upvoted 0 times
...
Gail
11 months ago
I think the answer is B) Create the EBS volumes as encrypted volumes Attach the EBS volumes to the EC2 instances.
upvoted 0 times
...
Elfriede
11 months ago
I think option D is the way to go. Creating a KMS key policy for encryption gives more control.
upvoted 0 times
...
Kiley
12 months ago
I agree with Clorinda. Option B seems like the most direct way to ensure encryption.
upvoted 0 times
...
Clorinda
12 months ago
I disagree, I believe option B is more straightforward.
upvoted 0 times
...
Ashleigh
1 years ago
I think option A is the best solution.
upvoted 0 times
...
Bea
1 years ago
But what about the AWS KMS key policy? Doesn't that play a role in enforcing the encryption at the account level?
upvoted 0 times
...
Billy
1 years ago
Hold on, what about option D? Creating an AWS KMS key policy that enforces EBS encryption could be a good way to ensure encryption across the entire account, not just for these specific instances.
upvoted 0 times
...
Noemi
1 years ago
Yeah, that seems like the most straightforward approach. I'm not sure the other options would be as effective in meeting the requirement. Plus, option B is nice and simple - no need to mess around with IAM roles or KMS keys.
upvoted 0 times
Gertude
12 months ago
Yeah, creating encrypted volumes and attaching them to the instances sounds like a secure solution.
upvoted 0 times
...
Murray
12 months ago
I think option B would be the best choice here.
upvoted 0 times
...
...
Corazon
1 years ago
Yep, Wilson's got it. Creating the EBS volumes as encrypted volumes and then attaching them to the EC2 instances is the most straightforward solution. No need to mess around with IAM roles or custom tags.
upvoted 0 times
...
Casie
1 years ago
Haha, you know what they say - when in doubt, encrypt everything! But seriously, option D does seem like a solid choice. It's a bit more complex than option B, but it could provide better long-term protection.
upvoted 0 times
saqib
1 years ago
You know, that's a good point. That might be a more robust and scalable solution, especially if they have other resources that need to be encrypted as well. It's worth considering, for sure.
upvoted 1 times
...
...
Narcisa
1 years ago
You know, that's a good point. That might be a more robust and scalable solution, especially if they have other resources that need to be encrypted as well. It's worth considering, for sure.
upvoted 0 times
...
Wilson
1 years ago
Okay, let's think this through. We need to encrypt the data at rest, so the EBS volumes need to be encrypted. That means option B is the way to go, right?
upvoted 0 times
...
Franchesca
1 years ago
Haha, yeah, I can already see someone suggesting we write a custom encryption algorithm just to show off their coding skills. Come on, people, let's keep it simple!
upvoted 0 times
...
Denae
1 years ago
I agree, Sherill. This seems like a straightforward question, but I'm sure some of the candidates will try to get creative and end up picking the wrong answer.
upvoted 0 times
...
Sherill
1 years ago
Oh man, this is a tricky one! Encrypting data at rest is crucial, especially when dealing with classified information. I wonder how many people are going to overthink this and come up with some convoluted solution.
upvoted 0 times
Ashlee
1 years ago
D) Create an AWS Key Management Service (AWS KMS) key policy that enforces EBS encryption in the account Ensure that the key policy is active
upvoted 0 times
...
Domitila
1 years ago
A) Create an IAM role that specifies EBS encryption Attach the role to the EC2 instances
upvoted 0 times
...
Rosenda
1 years ago
B) Create the EBS volumes as encrypted volumes Attach the EBS volumes to the EC2 instances
upvoted 0 times
...
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77