ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Professional SAP-C02 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Professional SAP-C02 exam
Go to Exam

Exam AWS Certified Solutions Architect - Professional SAP-C02 topic 1 question 320 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Professional SAP-C02
Question #: 320
Topic #: 1
[All AWS Certified Solutions Architect - Professional SAP-C02 Questions]

A company's compliance audit reveals that some Amazon Elastic Block Store (Amazon EBS) volumes that were created in an AWS account were not encrypted. A solutions architect must implement a solution to encrypt all new EBS volumes at rest.

Which solution will meet this requirement with the LEAST effort?

  • A. Create an Amazon EventBridge rule to detect the creation of unencrypted EBS volumes. Invoke an AWS Lambda function to delete noncompliant volumes.
  • B. Use AWS Audit Manager with data encryption.
  • C. Create an AWS Config rule to detect the creation of a new EBS volume. Encrypt the volume by using AWS Systems Manager Automation.
  • D. Turn on EBS encryption by default in all AWS Regions.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by KungLjao at Oct. 29, 2023, 7:21 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
joleneinthebackyard
Highly Voted 1 year, 5 months ago
Selected Answer: D
"must implement a solution to encrypt all NEWWW EBS volumes at rest."
upvoted 7 times
...
PSPaul
Most Recent 4 months ago
Selected Answer: D
C only address existing unencrypted EBS, not preventing future unencrypted D is so clear "Proactively prevents the creation of unencrypted EBS volumes" The key word is all new EBS volume
upvoted 2 times
...
AzureDP900
5 months, 1 week ago
D The company requires that all new EBS volumes be encrypted at rest. Turning on EBS encryption by default for all regions will automatically encrypt any new EBS volume created, meeting the compliance requirement with minimal effort. This approach ensures that encryption is enabled for all new volumes without requiring additional configuration or automation.
upvoted 1 times
...
mark_232323
9 months, 3 weeks ago
Selected Answer: C
there is no direct way to encrypt existing unencrypted EBS volumes or snapshots. https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/automatically-encrypt-existing-and-new-amazon-ebs-volumes.html
upvoted 1 times
Daniel76
6 months ago
The question ask to encrypt new EBS, not the existing.
upvoted 1 times
...
...
Russs99
10 months ago
Selected Answer: D
I am not picking an answer, I just wanted to point out that EBS encryption is regions specific. option D says : Turn on EBS encryption by default in all AWS Regions. there is no such feature. Option D still appears to be the best answer
upvoted 1 times
Daniel76
6 months ago
We may consider it meant to be doing this configuration region by region. It's still require the least effort doing that. :)
upvoted 1 times
...
...
vibzr2023
1 year, 3 months ago
Answer: D Encryption of Amazon Elastic Block Store (Amazon EBS) volumes is important to an organization's data protection strategy. It is an important step in establishing a well-architected environment. Although there is no direct way to encrypt existing unencrypted EBS volumes or snapshots, you can encrypt them by creating a new volume or snapshot. https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/automatically-encrypt-existing-and-new-amazon-ebs-volumes.html
upvoted 4 times
...
career360guru
1 year, 3 months ago
Selected Answer: D
Option D
upvoted 1 times
...
airgead
1 year, 5 months ago
Selected Answer: D
The keyword is all NEW EBS volumes. So by make EBS Encryption default, it means all new EBS will be encrypted without additional configuration.
upvoted 2 times
...
s61
1 year, 6 months ago
Selected Answer: D
Least effort option
upvoted 3 times
...
gonzales
1 year, 6 months ago
Selected Answer: D
The question states: ' A solutions architect must implement a solution to encrypt all new EBS volumes at rest' reference: https://repost.aws/knowledge-center/ebs-automatic-encryption
upvoted 3 times
...
KungLjao
1 year, 6 months ago
Selected Answer: C
https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/automatically-encrypt-existing-and-new-amazon-ebs-volumes.html
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago