Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 410 discussion

The solution that will meet the requirement of ensuring that all data that is written to the EBS volumes is encrypted at rest is B. Create the EBS volumes as encrypted volumes and attach the encrypted EBS volumes to the EC2 instances. When you create an EBS volume, you can specify whether to encrypt the volume. If you choose to encrypt the volume, all data written to the volume is automatically encrypted at rest using AWS-managed keys. You can also use customer-managed keys (CMKs) stored in AWS KMS to encrypt and protect your EBS volumes. You can create encrypted EBS volumes and attach them to EC2 instances to ensure that all data written to the volumes is encrypted at rest. Answer A is incorrect because attaching an IAM role to the EC2 instances does not automatically encrypt the EBS volumes. Answer C is incorrect because adding an EC2 instance tag does not ensure that the EBS volumes are encrypted.

B is the answer

B. Create the EBS volumes as encrypted volumes. Attach the EBS volumes to the EC2 instances.

Windows client = Amazon FSx for Windows File Server

The other options either do not meet the requirement of encrypting data at rest (A and C) or do so in a more complex or less efficient manner (D).

Why not D, EBS encryption require the use of KMS key

Create encrypted EBS volumes and attach encrypted EBS volumes to EC2 instances..

Use Amazon EBS encryption as an encryption solution for your EBS resources associated with your EC2 instances.Select KMS Keys either default or custom

Answer B. You can enable encryption for EBS volumes while creating them.

bbbbbbbb