Examice

Exam SAP-C02 All QuestionsBrowse all questions from this exam

Question 517

A company has deployed applications to thousands of Amazon EC2 instances in an AWS account. A security audit discovers that several unencrypted Amazon Elastic Block Store (Amazon EBS) volumes are attached to the EC2 instances. The company’s security policy requires the EBS volumes to be encrypted.

The company needs to implement an automated solution to encrypt the EBS volumes. The solution also must prevent development teams from creating unencrypted EBS volumes.

Which solution will meet these requirements?

Configure the AWS Config managed rule that identifies unencrypted EBS volumes. Configure an automatic remediation action. Associate an AWS Systems Manager Automation runbook that includes the steps to create a new encrypted EBS volume. Create an AWS Key Management Service (AWS KMS) customer managed key. In the key policy, include a statement to deny the creation of unencrypted EBS volumes.

Use AWS Systems Manager Fleet Manager to create a list of unencrypted EBS volumes, Create a Systems Manager Automation runbook that includes the steps to create a new encrypted EBS volume. Create an SCP to deny the creation of unencrypted EBS volumes.

Use AWS Systems Manager Fleet Manager to create a list of unencrypted EBS volumes. Create a Systems Manager Automation runbook that includes the steps to create a new encrypted EBS volume. Modify the AWS account setting for EBS encryption to always encrypt new EBS volumes.

Configure the AWS Config managed rule that identifies unencrypted EBS volumes. Configure an automatic remediation action. Associate an AWS Systems Manager Automation runbook that includes the steps to create a new encrypted EBS volume. Modify the AWS account setting for EBS encryption to always encrypt new EBS volumes.

Correct Answer: D

The correct approach involves using the AWS Config managed rule to identify unencrypted EBS volumes, as it continually monitors and assesses compliance with desired configurations. Enabling automatic remediation and associating an AWS Systems Manager Automation runbook ensures that any unencrypted volumes found are promptly encrypted. By modifying the AWS account setting for EBS encryption to default to encryption, it prevents future creation of unencrypted EBS volumes. This solution meets both the identification and prevention requirements.

Discussion

HelpnosenseOption: D

Use config to find unencrypted EBS. Change the default setting.

kupo777

D Enabling default encryption for EBSs prevents the creation of unencrypted EBSs.

awsazOption: D

the answer is D

vip2Option: D

D is correct instead of A because AWS support change account setting for EBS encryption