A company's compliance audit reveals that some Amazon Elastic Block Store (Amazon EBS) volumes that were created in an AWS account were not encrypted. A solutions architect must implement a solution to encrypt all new EBS volumes at rest.
Which solution will meet this requirement with the LEAST effort?
Turning on EBS encryption by default in all AWS Regions will ensure that all new EBS volumes are automatically encrypted at rest, providing a solution that requires the least effort to manage and implement. This approach eliminates the need for continuous monitoring and correcting noncompliant volumes, thereby simplifying compliance management.
"must implement a solution to encrypt all NEWWW EBS volumes at rest."
https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/automatically-encrypt-existing-and-new-amazon-ebs-volumes.html
The question states: ' A solutions architect must implement a solution to encrypt all new EBS volumes at rest' reference: https://repost.aws/knowledge-center/ebs-automatic-encryption
Least effort option
Answer: D Encryption of Amazon Elastic Block Store (Amazon EBS) volumes is important to an organization's data protection strategy. It is an important step in establishing a well-architected environment. Although there is no direct way to encrypt existing unencrypted EBS volumes or snapshots, you can encrypt them by creating a new volume or snapshot. https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/automatically-encrypt-existing-and-new-amazon-ebs-volumes.html
The keyword is all NEW EBS volumes. So by make EBS Encryption default, it means all new EBS will be encrypted without additional configuration.
Option D
I am not picking an answer, I just wanted to point out that EBS encryption is regions specific. option D says : Turn on EBS encryption by default in all AWS Regions. there is no such feature. Option D still appears to be the best answer
there is no direct way to encrypt existing unencrypted EBS volumes or snapshots. https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/automatically-encrypt-existing-and-new-amazon-ebs-volumes.html