Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Amazon Exam SAA-C03 Topic 1 Question 32 Discussion

Actual exam question for Amazon's SAA-C03 exam
Question #: 32
Topic #: 1
[All SAA-C03 Questions]

A company website hosted on Amazon EC2 instances processes classified data stored in The application writes data to Amazon Elastic Block Store (Amazon EBS) volumes The company needs to ensure that all data that is written to the EBS volumes is encrypted at rest.

Which solution will meet this requirement?

Show Suggested Answer Hide Answer
Suggested Answer: B

The simplest and most effective way to ensure that all data that is written to the EBS volumes is encrypted at rest is to create the EBS volumes as encrypted volumes. You can do this by selecting the encryption option when you create a new EBS volume, or by copying an existing unencrypted volume to a new encrypted volume. You can also specify the AWS KMS key that you want to use for encryption, or use the default AWS-managed key. When you attach the encrypted EBS volumes to the EC2 instances, the data will be automatically encrypted and decrypted by the EC2 host. This solution does not require any additional IAM roles, tags, or policies.


Amazon EBS encryption

Creating an encrypted EBS volume

Encrypting an unencrypted EBS volume

by Devora at Apr 11, 2024, 10:16 AM

Limited Time Offer

25%

Off

Get Premium SAA-C03 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Odette
7 months ago
Thanks for the explanation, I think I understand now. I agree with you that D) seems like the best solution.
upvoted 0 times
...
Alverta
7 months ago
Of course, Creating a KMS key policy ensures encryption at the EBS level, providing a secure solution for data at rest.
upvoted 0 times
...
Gail
8 months ago
Sure, can you explain why you think D) is the correct answer?
upvoted 0 times
...
Odette
8 months ago
I'm not sure which one to choose. Can someone explain their rationale for their answer?
upvoted 0 times
...
Alverta
8 months ago
I disagree with you, I believe the correct answer is D) Create an AWS Key Management Service key policy that enforces EBS encryption.
upvoted 0 times
...
Gail
8 months ago
I think the answer is B) Create the EBS volumes as encrypted volumes Attach the EBS volumes to the EC2 instances.
upvoted 0 times
...
Elfriede
8 months ago
I think option D is the way to go. Creating a KMS key policy for encryption gives more control.
upvoted 0 times
...
Kiley
9 months ago
I agree with Clorinda. Option B seems like the most direct way to ensure encryption.
upvoted 0 times
...
Clorinda
9 months ago
I disagree, I believe option B is more straightforward.
upvoted 0 times
...
Ashleigh
9 months ago
I think option A is the best solution.
upvoted 0 times
...
Bea
10 months ago
But what about the AWS KMS key policy? Doesn't that play a role in enforcing the encryption at the account level?
upvoted 0 times
...
Billy
10 months ago
Hold on, what about option D? Creating an AWS KMS key policy that enforces EBS encryption could be a good way to ensure encryption across the entire account, not just for these specific instances.
upvoted 0 times
...
Noemi
10 months ago
Yeah, that seems like the most straightforward approach. I'm not sure the other options would be as effective in meeting the requirement. Plus, option B is nice and simple - no need to mess around with IAM roles or KMS keys.
upvoted 0 times
Gertude
9 months ago
Yeah, creating encrypted volumes and attaching them to the instances sounds like a secure solution.
upvoted 0 times
...
Murray
9 months ago
I think option B would be the best choice here.
upvoted 0 times
...
...
Corazon
10 months ago
Yep, Wilson's got it. Creating the EBS volumes as encrypted volumes and then attaching them to the EC2 instances is the most straightforward solution. No need to mess around with IAM roles or custom tags.
upvoted 0 times
...
Casie
10 months ago
Haha, you know what they say - when in doubt, encrypt everything! But seriously, option D does seem like a solid choice. It's a bit more complex than option B, but it could provide better long-term protection.
upvoted 0 times
saqib
10 months ago
You know, that's a good point. That might be a more robust and scalable solution, especially if they have other resources that need to be encrypted as well. It's worth considering, for sure.
upvoted 1 times
...
...
Narcisa
10 months ago
You know, that's a good point. That might be a more robust and scalable solution, especially if they have other resources that need to be encrypted as well. It's worth considering, for sure.
upvoted 0 times
...
Wilson
10 months ago
Okay, let's think this through. We need to encrypt the data at rest, so the EBS volumes need to be encrypted. That means option B is the way to go, right?
upvoted 0 times
...
Franchesca
10 months ago
Haha, yeah, I can already see someone suggesting we write a custom encryption algorithm just to show off their coding skills. Come on, people, let's keep it simple!
upvoted 0 times
...
Denae
10 months ago
I agree, Sherill. This seems like a straightforward question, but I'm sure some of the candidates will try to get creative and end up picking the wrong answer.
upvoted 0 times
...
Sherill
10 months ago
Oh man, this is a tricky one! Encrypting data at rest is crucial, especially when dealing with classified information. I wonder how many people are going to overthink this and come up with some convoluted solution.
upvoted 0 times
Ashlee
10 months ago
D) Create an AWS Key Management Service (AWS KMS) key policy that enforces EBS encryption in the account Ensure that the key policy is active
upvoted 0 times
...
Domitila
10 months ago
A) Create an IAM role that specifies EBS encryption Attach the role to the EC2 instances
upvoted 0 times
...
Rosenda
10 months ago
B) Create the EBS volumes as encrypted volumes Attach the EBS volumes to the EC2 instances
upvoted 0 times
...
...

Save Cancel