Exam CLF-C02
Question 231

Who enables encryption of data at rest for Amazon Elastic Block Store (Amazon EBS)?

    Correct Answer: C

    AWS Key Management Service (AWS KMS) enables the encryption of data at rest for Amazon Elastic Block Store (Amazon EBS). AWS KMS is the service that provides the cryptographic keys used to encrypt and decrypt data. When you create and manage these keys through AWS KMS, it performs the actual encryption process to protect the stored data at rest in EBS.

Discussion
peable (Option: B)

Not sure, but going for B: While AWS KMS does the encryption on a technical level, the customer needs to initiate the configuration in AWS KMS to do the encryption?! Otherwise, there wouldn't be unencrypted devices. Found this "You can enable encryption automatically on all new EBS volumes and snapshot copies in your AWS account and Region." This "you" is the customer... semantics, I know. Still going for B. https://docs.aws.amazon.com/kms/latest/developerguide/services-ebs.html

blehbleh (Option: B)

The answer is B. The customer has to select AWS KMS. If the customer does not explicitly select it, then nothing will be encrypted. The question asks "who enables encryption", not what is used to encrypt. Therefore, since the user has to enable the service, the answer should be B, the user.

BShelat (Option: B)

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html If the customer selects/uses an AWS KMS key for EBS encryption, then the KMS key policy allows any user with access to the required AWS KMS actions to use this KMS key to encrypt or decrypt EBS resources. So the answer is B.

asdfcdsxdfc (Option: B)

B is correct

f964633 (Option: C)

A. AWS Support - AWS Support does not directly enable encryption for EBS. They provide support and guidance, but the customer or AWS KMS is responsible for enabling encryption.

B. AWS customers - AWS customers are responsible for enabling encryption for their EBS volumes, but they do so using AWS KMS.

C. AWS Key Management Service (AWS KMS) - AWS KMS is the service that provides the encryption keys and enables encryption of data at rest for Amazon EBS. Customers can use AWS KMS to create, manage, and use cryptographic keys to protect their data.

D. AWS Trusted Advisor - AWS Trusted Advisor is a service that provides recommendations to optimize your AWS environment, but it does not directly enable encryption for EBS volumes.

So, the correct answer is option C. AWS Key Management Service (AWS KMS) enables encryption of data at rest for Amazon Elastic Block Store (Amazon EBS).

geocis (Option: B)

"Who" refers to a person but can also refer to a non-person, which depends on context and grammar usage. I'll go with B.) AWS Customer. Data at rest is not enabled by default, which would require the customer's interaction to make it so. That's my logic for the question.

VikJo1978

According to the official documentation, when you create an encrypted EBS volume and attach it to a supported instance type, data stored at rest on the volume, disk I/O, and snapshots created from the volume are all encrypted. The encryption occurs on the servers that host EC2 instances, providing encryption of data-in-transit from EC2 instances to EBS storage. The encryption is performed using AWS Key Management Service (AWS KMS) keys when creating encrypted volumes and snapshots. The data key is generated by AWS KMS and then encrypted by AWS KMS with your AWS KMS key prior to being stored with your volume information. All snapshots, and any subsequent volumes created from those snapshots using the same AWS KMS key, share the same data key. Therefore, the correct answer is C. AWS Key Management Service (AWS KMS).

fguglia (Option: C)

For me, C is the correct answer.

Rinkans (Option: C)

The data key is generated by AWS KMS and then encrypted by AWS KMS with your AWS KMS key prior to being stored with your volume information.

Ram_moharil (Option: C)

Encryption at EBS is enabled by AWS KMS.

petercorn (Option: C)

https://docs.aws.amazon.com/kms/latest/developerguide/services-ebs.html