ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Associate SAA-C03 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Associate SAA-C03 exam
Go to Exam

Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 682 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Associate SAA-C03
Question #: 682
Topic #: 1
[All AWS Certified Solutions Architect - Associate SAA-C03 Questions]

A company needs a solution to enforce data encryption at rest on Amazon EC2 instances. The solution must automatically identify noncompliant resources and enforce compliance policies on findings.

Which solution will meet these requirements with the LEAST administrative overhead?

  • A. Use an IAM policy that allows users to create only encrypted Amazon Elastic Block Store (Amazon EBS) volumes. Use AWS Config and AWS Systems Manager to automate the detection and remediation of unencrypted EBS volumes.
  • B. Use AWS Key Management Service (AWS KMS) to manage access to encrypted Amazon Elastic Block Store (Amazon EBS) volumes. Use AWS Lambda and Amazon EventBridge to automate the detection and remediation of unencrypted EBS volumes.
  • C. Use Amazon Macie to detect unencrypted Amazon Elastic Block Store (Amazon EBS) volumes. Use AWS Systems Manager Automation rules to automatically encrypt existing and new EBS volumes.
  • D. Use Amazon inspector to detect unencrypted Amazon Elastic Block Store (Amazon EBS) volumes. Use AWS Systems Manager Automation rules to automatically encrypt existing and new EBS volumes.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by meenkaza at Dec. 29, 2023, 5:32 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
meenkaza
Highly Voted 9 months, 4 weeks ago
Selected Answer: A
IAM Policy and AWS Config (Option A): By creating an IAM policy that allows users to create only encrypted EBS volumes, you proactively prevent the creation of unencrypted volumes. Using AWS Config, you can set up rules to detect noncompliant resources, and AWS Systems Manager Automation can be used for automated remediation. This approach provides a proactive and automated solution.
upvoted 13 times
...
LeonSauveterre
Most Recent 4 months, 1 week ago
Selected Answer: A
Not B - because when you want to detect unencrypted EBS volumes using Lambda and EventBridge, the codes you'll need to compose is so much more than you think. Just leave that whole shebang to AWS Config and then you'll choose A accordingly.
upvoted 1 times
...
88f8032
5 months, 3 weeks ago
Selected Answer: B
Isn't B simpler?
upvoted 1 times
...
awsgeek75
9 months, 2 weeks ago
Selected Answer: A
B: Too much work C: Macie is for PII and sensitive data not for encrypted volumes D: Inspector for OS patching and vulnerability detections
upvoted 2 times
...
f2e2419
9 months, 2 weeks ago
why not B?
upvoted 1 times
...
OSHOAIB
9 months, 3 weeks ago
Selected Answer: A
Option A - enforces the creation of encrypted volumes via IAM policies and uses AWS Config for detection and AWS Systems Manager for remediation with the LEAST administrative overhead.
upvoted 3 times
...
pentium75
9 months, 3 weeks ago
Selected Answer: A
A as exactly described here: https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/automatically-encrypt-existing-and-new-amazon-ebs-volumes.html Not B, that could in theory work but would be massive operational overhead Not C, Macie detects PII data, not unencrypted volumes Not D, Inspector detects vulnerabilities, not unencrypted volumes
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago