An Amazon EC2 instance has a secondary Amazon Elastic Block Store (EBS) volume attached that contains sensitive data. A new company policy requires the secondary volume to be encrypted at rest. Which solution will meet this requirement?
A.
Create a snapshot of the volume. Create a new volume from the snapshot with the Encrypted parameter set to true. Detach the original volume and attach the new volume to the instance.
B.
Create an encrypted Amazon Machine Image (AMI) of the EC2 instance. Launch a new instance with the encrypted AMI. Terminate the original instance.
C.
Stop the EC2 instance. Encrypt the volume with AWS CloudHSM. Start the instance and verify encryption.
D.
Stop the EC2 instance. Modify the instance properties and set the Encrypted parameter to true. Start the instance and verify encryption.
Correct Answer: A
In questions like this "snapshot" is a key-word. Existing EBS volumes cannot be encrypted "on the fly". A new volume must be created from the original volume's snapshot with encryption enabled.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
sapien45
6 months agoTroyMcLure
7 months agoRicardoD
7 months agobinhdt2611
7 months, 1 week ago