Examice

Exam SAP-C02 All QuestionsBrowse all questions from this exam

Question 319

A company's compliance audit reveals that some Amazon Elastic Block Store (Amazon EBS) volumes that were created in an AWS account were not encrypted. A solutions architect must implement a solution to encrypt all new EBS volumes at rest.

Which solution will meet this requirement with the LEAST effort?

Create an Amazon EventBridge rule to detect the creation of unencrypted EBS volumes. Invoke an AWS Lambda function to delete noncompliant volumes.

Use AWS Audit Manager with data encryption.

Create an AWS Config rule to detect the creation of a new EBS volume. Encrypt the volume by using AWS Systems Manager Automation.

Turn on EBS encryption by default in all AWS Regions.

Correct Answer: D

Turning on EBS encryption by default in all AWS Regions will ensure that all new EBS volumes are automatically encrypted at rest, providing a solution that requires the least effort to manage and implement. This approach eliminates the need for continuous monitoring and correcting noncompliant volumes, thereby simplifying compliance management.

Discussion

joleneinthebackyardOption: D

"must implement a solution to encrypt all NEWWW EBS volumes at rest."

vibzr2023

Answer: D Encryption of Amazon Elastic Block Store (Amazon EBS) volumes is important to an organization's data protection strategy. It is an important step in establishing a well-architected environment. Although there is no direct way to encrypt existing unencrypted EBS volumes or snapshots, you can encrypt them by creating a new volume or snapshot. https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/automatically-encrypt-existing-and-new-amazon-ebs-volumes.html

s61Option: D

Least effort option

gonzalesOption: D

The question states: ' A solutions architect must implement a solution to encrypt all new EBS volumes at rest' reference: https://repost.aws/knowledge-center/ebs-automatic-encryption

KungLjaoOption: C

https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/automatically-encrypt-existing-and-new-amazon-ebs-volumes.html

airgeadOption: D

The keyword is all NEW EBS volumes. So by make EBS Encryption default, it means all new EBS will be encrypted without additional configuration.

mark_232323Option: C

there is no direct way to encrypt existing unencrypted EBS volumes or snapshots. https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/automatically-encrypt-existing-and-new-amazon-ebs-volumes.html

Russs99Option: D

I am not picking an answer, I just wanted to point out that EBS encryption is regions specific. option D says : Turn on EBS encryption by default in all AWS Regions. there is no such feature. Option D still appears to be the best answer

career360guruOption: D

Option D