Examice

Exam SAA-C03 All QuestionsBrowse all questions from this exam

Question 887

A company plans to rehost an application to Amazon EC2 instances that use Amazon Elastic Block Store (Amazon EBS) as the attached storage.

A solutions architect must design a solution to ensure that all newly created Amazon EBS volumes are encrypted by default. The solution must also prevent the creation of unencrypted EBS volumes.

Which solution will meet these requirements?

Configure the EC2 account attributes to always encrypt new EBS volumes.

Use AWS Config. Configure the encrypted-volumes identifier. Apply the default AWS Key Management Service (AWS KMS) key.

Configure AWS Systems Manager to create encrypted copies of the EBS volumes. Reconfigure the EC2 instances to use the encrypted volumes.

Create a customer managed key in AWS Key Management Service (AWS KMS). Configure AWS Migration Hub to use the key when the company migrates workloads.

Correct Answer: A

To ensure that all newly created Amazon EBS volumes are encrypted by default and to prevent the creation of unencrypted EBS volumes, configure the EC2 account attributes to always encrypt new EBS volumes. This solution automatically encrypts every new EBS volume created, ensuring compliance with the requirement to prevent the creation of unencrypted volumes.

Discussion

ScheldonOption: A

AnswerA The task is to force automatic encryption for every new EBS volume and prevent possibility of creation any unencrypted volume hence: https://docs.aws.amazon.com/ebs/latest/userguide/work-with-ebs-encr.html#ebs-encryption_key_mgmt To enable encryption by default for a Region Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/. From the navigation bar, select the Region. From the navigation pane, select EC2 Dashboard. In the upper-right corner of the page, choose Account Attributes, Data protection and security. Choose Manage. Select Enable. You keep the AWS managed key with the alias alias/aws/ebs created on your behalf as the default encryption key, or choose a symmetric customer managed encryption key. Choose Update EBS encryption.

0bdf3af

A. https://repost.aws/knowledge-center/ebs-automatic-encryption

lsomasOption: B

As it needs to prevent creation of Unencrypted EBS volume

viejito

B es correcto , AWS Config para identificar automáticamente los volúmenes de EBS no cifrados y aplicar una acción correctiva.A,C,D : incorrectas , no cumplen con el cifrado automático

EdricHoangOption: B

"The solution must also prevent the creation of unencrypted EBS volumes." For prevention future actions, I go for AWS config. You can setup Encryption in EC2, but Its manual process, what happen if you add one or more EC2?

Scheldon

AnswerA https://docs.aws.amazon.com/ebs/latest/userguide/work-with-ebs-encr.html#ebs-encryption_key_mgmt To enable encryption by default for a Region Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/. From the navigation bar, select the Region. From the navigation pane, select EC2 Dashboard. In the upper-right corner of the page, choose Account Attributes, Data protection and security. Choose Manage. Select Enable. You keep the AWS managed key with the alias alias/aws/ebs created on your behalf as the default encryption key, or choose a symmetric customer managed encryption key. Choose Update EBS encryption.