ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS-SysOps All Questions

View all questions & answers for the AWS-SysOps exam
Go to Exam

Exam AWS-SysOps topic 1 question 548 discussion

Exam question from Amazon's AWS-SysOps
Question #: 548
Topic #: 1
[All AWS-SysOps Questions]

An existing, deployed solution uses Amazon EC2 instances with Amazon EBS General Purpose SSD volumes, am Amazon RDS PostgreSQL database, an
Amazon EFS file system, and static objects stored in an Amazon S3 bucket. The Security team now mandates that at-rest encryption be turned on immediately for all aspects of the application, without creating new resources and without any downtime.
To satisfy the requirements, which one of these services can the SysOps Administrator enable at-rest encryption on?

  • A. EBS General Purpose SSD volumes
  • B. RDS PostgreSQL database
  • C. Amazon EFS file systems
  • D. S3 objects within a bucket
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by YashBindlish at July 13, 2019, 3:50 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
karmaah
Highly Voted 2 years, 12 months ago
Ans is D: Pl find my explanation ; A. Not Possible. It requires Voulume should be encrypted at the time of creation. B. You should specify encryption while creating DB itself which will reflect backups,logs and snapshots too. C. It also requires to have a new encrypted file system. So ignoring this option. D. The Last option. a. By Default , If you enable encryption,only new objects will be encrypted in S3 and rest of the Objects will be unencrypted Status. b. To encrypt your existing Amazon S3 objects with a single request, you can use Amazon S3 batch operations. You provide Amazon S3 batch operations with a list of objects to operate on, and Amazon S3 batch operations calls the respective API to perform the specified operation. You can use the copy operation to copy the existing unencrypted objects and write the new encrypted objects to the same bucket. A single Amazon S3 batch operations job can perform the specified operation on billions of objects containing exabytes of data
upvoted 16 times
pratikshasm6
2 years, 12 months ago
great explanation !!
upvoted 1 times
...
...
YashBindlish
Highly Voted 3 years, 1 month ago
Correct Answer is D
upvoted 8 times
...
albert_kuo
Most Recent 1 year, 3 months ago
Selected Answer: D
To enable encryption for S3 objects within a bucket, you can enable default encryption on the S3 bucket. This ensures that all new objects uploaded to the bucket are automatically encrypted at rest. For existing objects, you can use S3's server-side encryption APIs or S3 Copy operation with encryption options to re-upload the objects with encryption enabled.
upvoted 1 times
...
antthomas
2 years, 9 months ago
Selected Answer: D
RDS,EBS and S3 can’t be encrypted in rest. C is only Correct https://docs.aws.amazon.com/efs/latest/ug/efs-enforce-encryption.html
upvoted 1 times
...
Moon
3 years ago
Correct answer is D
upvoted 3 times
...
AbhishekGupta
3 years ago
S3 can only provide in-place encryption. So correct answer is D
upvoted 5 times
...
AbhishekGupta
3 years ago
RDS,EBS and S3 can’t be encrypted in rest. C is only Correct https://docs.aws.amazon.com/efs/latest/ug/efs-enforce-encryption.html
upvoted 2 times
...
saumenP
3 years ago
C not correct because "You can only enable encryption for a file system when you create it". In this case the application already using it. Ref: https://docs.aws.amazon.com/whitepapers/latest/efs-encrypted-file-systems/creating-an-encrypted-file-system.html
upvoted 4 times
Lalo
6 months, 1 week ago
DDDDDDDDDDDDDDDDDDDDDDD is correct A. EBS General Purpose SSD volumes • https://docs.aws.amazon.com/ebs/latest/userguide/ebs-encryption.html • Encrypt unencrypted resources o You cannot directly encrypt existing unencrypted volumes or snapshots. B. RDS PostgreSQL database • https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/encrypt-an-existing-amazon-rds-for-postgresql-db-instance.html • You can enable encryption for an Amazon RDS DB instance when you create it, but not after it's created. C. Amazon EFS file systems • https://repost.aws/knowledge-center/efs-turn-on-encryption-at-rest • You cannot modify an unencrypted file system to make it encrypted. o Instead, you need to create a new, encrypted file system.) D. S3 objects within a bucket
upvoted 1 times
...
...
jxhyxxclyp
3 years ago
WHY NOT C???
upvoted 1 times
Drey
2 years, 11 months ago
because EFS can only be encrypted upon creation. you should migrate data in an newly created encrypted EFS from the unencrypted one.
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago