Amazon Exam SAA-C03 Topic 1 Question 32 Discussion

Actual exam question for Amazon's SAA-C03 exam

Question #: 32
Topic #: 1

A company website hosted on Amazon EC2 instances processes classified data stored in The application writes data to Amazon Elastic Block Store (Amazon EBS) volumes The company needs to ensure that all data that is written to the EBS volumes is encrypted at rest.

Which solution will meet this requirement?

ACreate an 1AM role that specifies EBS encryption Attach the role to the EC2 instances

BCreate the EBS volumes as encrypted volumes Attach the EBS volumes to the EC2 instances

CCreate an EC2 instance tag that has a key of Encrypt and a value of True Tag all instances that require encryption at the EBS level

DCreate an AWS Key Management Service (AWS KMS) key policy that enforces EBS encryption in the account Ensure that the key policy is active

Show Suggested Answer

Suggested Answer: B

The simplest and most effective way to ensure that all data that is written to the EBS volumes is encrypted at rest is to create the EBS volumes as encrypted volumes. You can do this by selecting the encryption option when you create a new EBS volume, or by copying an existing unencrypted volume to a new encrypted volume. You can also specify the AWS KMS key that you want to use for encryption, or use the default AWS-managed key. When you attach the encrypted EBS volumes to the EC2 instances, the data will be automatically encrypted and decrypted by the EC2 host. This solution does not require any additional IAM roles, tags, or policies.

Amazon EBS encryption

Creating an encrypted EBS volume

Encrypting an unencrypted EBS volume

by Devora at Apr 11, 2024, 10:16 AM

Limited Time Offer

25%

Off

Get Premium SAA-C03 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Bea

10 days ago

But what about the AWS KMS key policy? Doesn't that play a role in enforcing the encryption at the account level?

upvoted 0 times

...

Billy

10 days ago

Hold on, what about option D? Creating an AWS KMS key policy that enforces EBS encryption could be a good way to ensure encryption across the entire account, not just for these specific instances.

upvoted 0 times

...

Noemi

11 days ago

Yeah, that seems like the most straightforward approach. I'm not sure the other options would be as effective in meeting the requirement. Plus, option B is nice and simple - no need to mess around with IAM roles or KMS keys.

upvoted 0 times

...

Corazon

12 days ago

Yep, Wilson's got it. Creating the EBS volumes as encrypted volumes and then attaching them to the EC2 instances is the most straightforward solution. No need to mess around with IAM roles or custom tags.

upvoted 0 times

...

Casie

12 days ago

Haha, you know what they say - when in doubt, encrypt everything! But seriously, option D does seem like a solid choice. It's a bit more complex than option B, but it could provide better long-term protection.

upvoted 0 times

...

Narcisa

13 days ago

You know, that's a good point. That might be a more robust and scalable solution, especially if they have other resources that need to be encrypted as well. It's worth considering, for sure.

upvoted 0 times

...

Wilson

13 days ago

Okay, let's think this through. We need to encrypt the data at rest, so the EBS volumes need to be encrypted. That means option B is the way to go, right?

upvoted 0 times

...

Franchesca

14 days ago

Haha, yeah, I can already see someone suggesting we write a custom encryption algorithm just to show off their coding skills. Come on, people, let's keep it simple!

upvoted 0 times

...

Denae

16 days ago

I agree, Sherill. This seems like a straightforward question, but I'm sure some of the candidates will try to get creative and end up picking the wrong answer.

upvoted 0 times

...

Sherill

18 days ago

Oh man, this is a tricky one! Encrypting data at rest is crucial, especially when dealing with classified information. I wonder how many people are going to overthink this and come up with some convoluted solution.

upvoted 0 times

...