ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Associate SAA-C03 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Associate SAA-C03 exam
Go to Exam

Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 887 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Associate SAA-C03
Question #: 887
Topic #: 1
[All AWS Certified Solutions Architect - Associate SAA-C03 Questions]

A company plans to rehost an application to Amazon EC2 instances that use Amazon Elastic Block Store (Amazon EBS) as the attached storage.

A solutions architect must design a solution to ensure that all newly created Amazon EBS volumes are encrypted by default. The solution must also prevent the creation of unencrypted EBS volumes.

Which solution will meet these requirements?

  • A. Configure the EC2 account attributes to always encrypt new EBS volumes.
  • B. Use AWS Config. Configure the encrypted-volumes identifier. Apply the default AWS Key Management Service (AWS KMS) key.
  • C. Configure AWS Systems Manager to create encrypted copies of the EBS volumes. Reconfigure the EC2 instances to use the encrypted volumes.
  • D. Create a customer managed key in AWS Key Management Service (AWS KMS). Configure AWS Migration Hub to use the key when the company migrates workloads.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by viejito at May 10, 2024, 4:17 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Scheldon
Highly Voted 7 months ago
Selected Answer: A
AnswerA The task is to force automatic encryption for every new EBS volume and prevent possibility of creation any unencrypted volume hence: https://docs.aws.amazon.com/ebs/latest/userguide/work-with-ebs-encr.html#ebs-encryption_key_mgmt To enable encryption by default for a Region Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/. From the navigation bar, select the Region. From the navigation pane, select EC2 Dashboard. In the upper-right corner of the page, choose Account Attributes, Data protection and security. Choose Manage. Select Enable. You keep the AWS managed key with the alias alias/aws/ebs created on your behalf as the default encryption key, or choose a symmetric customer managed encryption key. Choose Update EBS encryption.
upvoted 9 times
...
Xandero
Most Recent 3 weeks ago
Selected Answer: A
https://docs.aws.amazon.com/ebs/latest/userguide/encryption-by-default.html
upvoted 1 times
...
EdricHoang
5 months, 3 weeks ago
Selected Answer: B
"The solution must also prevent the creation of unencrypted EBS volumes." For prevention future actions, I go for AWS config. You can setup Encryption in EC2, but Its manual process, what happen if you add one or more EC2?
upvoted 2 times
...
Scheldon
7 months ago
AnswerA https://docs.aws.amazon.com/ebs/latest/userguide/work-with-ebs-encr.html#ebs-encryption_key_mgmt To enable encryption by default for a Region Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/. From the navigation bar, select the Region. From the navigation pane, select EC2 Dashboard. In the upper-right corner of the page, choose Account Attributes, Data protection and security. Choose Manage. Select Enable. You keep the AWS managed key with the alias alias/aws/ebs created on your behalf as the default encryption key, or choose a symmetric customer managed encryption key. Choose Update EBS encryption.
upvoted 1 times
...
0bdf3af
7 months, 1 week ago
A. https://repost.aws/knowledge-center/ebs-automatic-encryption
upvoted 2 times
...
lsomas
7 months, 2 weeks ago
Selected Answer: B
As it needs to prevent creation of Unencrypted EBS volume
upvoted 3 times
...
viejito
7 months, 3 weeks ago
B es correcto , AWS Config para identificar automáticamente los volúmenes de EBS no cifrados y aplicar una acción correctiva.A,C,D : incorrectas , no cumplen con el cifrado automático
upvoted 3 times
JA2018
3 weeks, 5 days ago
From Google Translate B is OK, AWS Config to automatically identify unencrypted EBS volumes and apply corrective action. A,C,D: Incorrect, do not comply with
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago