Exam AWS Certified Cloud Practitioner topic 1 question 605 discussion

B. AWS Customers. -- Newly created Amazon EBS volumes aren't encrypted by default. -- You, as an AWS Customer, can turn on default encryption for new EBS volumes. >> https://aws.amazon.com/premiumsupport/knowledge-center/ebs-automatic-encryption/#:~:text=Short%20description,Cloud%20(Amazon%20EC2)%20console.

C. AWS Key Management Service (AWS KMS) AWS KMS allows customers to create and manage encryption keys used to encrypt their data, including data stored in Amazon EBS volumes. Customers can choose to encrypt their EBS volumes using AWS-managed keys or their own customer-managed keys (CMKs) created and managed through AWS KMS. This provides a secure way to encrypt data stored in EBS volumes, ensuring its protection while at rest.

B. AWS customers

Amazon EBS is a block-level storage service that provides persistent block storage volumes for use with Amazon EC2 instances. AWS customers can enable encryption of data at rest for Amazon EBS volumes by specifying an encryption key when creating a new volume, or by encrypting an existing volume using AWS KMS.

'Who' implies a subject (AWS Customer)

I agree. The question is who, not what. Then, the correct answer is B.

The question is asking who is enabling the encryption. Therefore, it should be B, right?

C. AWS Key Management Service (AWS KMS) Amazon EBS encrypts your volume with a data key using industry-standard AES-256 data encryption. The data key is generated by AWS KMS and then encrypted by AWS KMS with your AWS KMS key prior to being stored with your volume information. https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html