
SAP-C02 Exam - Question 517


A company has deployed applications to thousands of Amazon EC2 instances in an AWS account. A security audit discovers that several unencrypted Amazon Elastic Block Store (Amazon EBS) volumes are attached to the EC2 instances. The company’s security policy requires the EBS volumes to be encrypted.

The company needs to implement an automated solution to encrypt the EBS volumes. The solution also must prevent development teams from creating unencrypted EBS volumes.

Which solution will meet these requirements?

Correct Answer: D

The correct approach uses the AWS Config managed rule to identify unencrypted EBS volumes, because AWS Config continually monitors resources and assesses their compliance with the desired configuration. Enabling automatic remediation and associating an AWS Systems Manager Automation runbook with the rule ensures that any unencrypted volumes found are promptly encrypted. Changing the AWS account setting for EBS encryption so that encryption is the default prevents the future creation of unencrypted EBS volumes. This solution meets both the identification and prevention requirements.
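The three pieces of that solution expressed as boto3 request payloads, as an added example that is not part of the original page. It assumes `session` is a `boto3.Session`; the rule name, runbook name, role ARN and the runbook's parameter names are hypothetical placeholders, and the sample volumes are constructed.

```python
RULE_NAME = "encrypted-volumes"        # assumed rule name
RUNBOOK = "Example-EncryptEbsVolume"   # hypothetical Automation runbook name
ROLE_ARN = "arn:aws:iam::111122223333:role/ExampleRemediationRole"  # placeholder

def config_rule(name=RULE_NAME):
    """AWS managed rule ENCRYPTED_VOLUMES, scoped to EBS volumes."""
    return {
        "ConfigRuleName": name,
        "Source": {"Owner": "AWS", "SourceIdentifier": "ENCRYPTED_VOLUMES"},
        "Scope": {"ComplianceResourceTypes": ["AWS::EC2::Volume"]},
    }

def remediation(name=RULE_NAME, runbook=RUNBOOK, role_arn=ROLE_ARN):
    """Automatic remediation: pass each noncompliant volume ID to the runbook."""
    return {
        "ConfigRuleName": name,
        "TargetType": "SSM_DOCUMENT",
        "TargetId": runbook,
        "Automatic": True,
        "MaximumAutomaticAttempts": 3,
        "RetryAttemptSeconds": 300,
        "Parameters": {
            # Parameter names depend on the runbook; these two are assumed.
            "AutomationAssumeRole": {"StaticValue": {"Values": [role_arn]}},
            "VolumeId": {"ResourceValue": {"Value": "RESOURCE_ID"}},
        },
    }

def noncompliant(volumes):
    """Mirror the rule locally: attached volumes with Encrypted == False."""
    return [v["VolumeId"] for v in volumes
            if v.get("Attachments") and not v.get("Encrypted", False)]

def deploy(session, regions):
    """Deploy per Region; EBS encryption by default is a per-Region setting."""
    status = {}
    for region in regions:
        cfg = session.client("config", region_name=region)
        cfg.put_config_rule(ConfigRule=config_rule())
        cfg.put_remediation_configurations(RemediationConfigurations=[remediation()])
        ec2 = session.client("ec2", region_name=region)
        status[region] = ec2.enable_ebs_encryption_by_default()["EbsEncryptionByDefault"]
    return status

SAMPLE_VOLUMES = [  # constructed, shaped like ec2.describe_volumes()["Volumes"]
    {"VolumeId": "vol-0aaa", "Encrypted": False, "Attachments": [{"InstanceId": "i-01"}]},
    {"VolumeId": "vol-0bbb", "Encrypted": True, "Attachments": [{"InstanceId": "i-01"}]},
    {"VolumeId": "vol-0ccc", "Encrypted": False, "Attachments": []},
]
```

The default-encryption setting applies only to volumes created after it is enabled; existing unencrypted volumes stay as they are until the remediation runbook replaces them with encrypted copies.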

Discussion

4 comments
awsaz (Option: D)
Jun 28, 2024

The answer is D.

kupo777
Jun 29, 2024

D. Enabling default encryption for EBSs prevents the creation of unencrypted EBSs.

Helpnosense (Option: D)
Jul 3, 2024

Use Config to find unencrypted EBS. Change the default setting.

vip2 (Option: D)
Jul 6, 2024

D is correct instead of A because AWS supports changing the account setting for EBS encryption.