Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Professional All Questions

View all questions & answers for the AWS Certified Solutions Architect - Professional exam
Go to Exam

Exam AWS Certified Solutions Architect - Professional topic 1 question 808 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Professional
Question #: 808
Topic #: 1
[All AWS Certified Solutions Architect - Professional Questions]

A company has multiple AWS accounts. The company recently had a security audit that revealed many unencrypted Amazon Elastic Block Store (Amazon EBS) volumes attached to Amazon EC2 instances.
A solutions architect must encrypt the unencrypted volumes and ensure that unencrypted volumes will be detected automatically in the future. Additionally, the company wants a solution that can centrally manage multiple AWS accounts with a focus on compliance and security.
Which combination of steps should the solutions architect take to meet these requirements? (Choose two.)

  • A. Create an organization in AWS Organizations. Set up AWS Control Tower, and turn on the strongly recommended guardrails. Join all accounts to the organization. Categorize the AWS accounts into OUs.
  • B. Use the AWS CLI to list all the unencrypted volumes in all the AWS accounts. Run a script to encrypt all the unencrypted volumes in place.
  • C. Create a snapshot of each unencrypted volume. Create a new encrypted volume from the unencrypted snapshot. Detach the existing volume, and replace it with the encrypted volume.
  • D. Create an organization in AWS Organizations. Set up AWS Control Tower, and turn on the mandatory guardrails. Join all accounts to the organization. Categorize the AWS accounts into OUs.
  • E. Turn on AWS CloudTrail. Configure an Amazon EventBridge (Amazon CloudWatch Events) rule to detect and automatically encrypt unencrypted volumes.
Show Suggested Answer Hide Answer
Suggested Answer: AC 🗳️
Reference:
https://docs.aws.amazon.com/controltower/latest/userguide/guardrails.html https://aws.amazon.com/premiumsupport/knowledge-center/create-unencrypted-volume-kms-key/
by Smartphone at Jan. 4, 2022, 3:11 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
Smartphone
Highly Voted 2 years, 9 months ago
A. CORRECT - The strongly recommended guardrails enables to detect Whether Encryption is enabled for Amazon EBS Volumes Attached to Amazon EC2 Instances (https://docs.aws.amazon.com/controltower/latest/userguide/strongly-recommended-guardrails.html) B. NOT CORRECT - This is a complete manual task C. CORRECT - This is the only way to change the unencrypted volume to encrypted volume that is attached to EC2 instances. D. NOT CORRECT - The mandatory guardrails are created by the AWS itself. (https://docs.aws.amazon.com/controltower/latest/userguide/mandatory-guardrails.html) E. Not Correct - Cloudtrail can not solve the this problem.
upvoted 8 times
RVivek
2 years, 7 months ago
Good explanation. However C says create encrypted volume from unencruyptedsnapshot . We have to coy unencypted nopshot to an encryptedsnapsot , then create a voume from it
upvoted 1 times
...
...
AYANtheGLADIATOR
Most Recent 2 years, 1 month ago
We can't make a encrypted volume from an unencrypted snapshot.
upvoted 2 times
...
asfsdfsdf
2 years, 2 months ago
Selected Answer: AC
C for sure - no other way to do it A is the most correct other answer since EBS encryption is part of the strongly recommended guardrails https://docs.aws.amazon.com/controltower/latest/userguide/strongly-recommended-guardrails.html
upvoted 2 times
...
wahlbergusa
2 years, 9 months ago
I was gonna choose C,D but it seems the mandatory guardrails are enabled by default. (no need to manually turn them on). Hence I' d go with A,C.
upvoted 3 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel