ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Associate SAA-C03 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Associate SAA-C03 exam
Go to Exam

Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 887 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Associate SAA-C03
Question #: 887
Topic #: 1
[All AWS Certified Solutions Architect - Associate SAA-C03 Questions]

A company plans to rehost an application to Amazon EC2 instances that use Amazon Elastic Block Store (Amazon EBS) as the attached storage.

A solutions architect must design a solution to ensure that all newly created Amazon EBS volumes are encrypted by default. The solution must also prevent the creation of unencrypted EBS volumes.

Which solution will meet these requirements?

  • A. Configure the EC2 account attributes to always encrypt new EBS volumes.
  • B. Use AWS Config. Configure the encrypted-volumes identifier. Apply the default AWS Key Management Service (AWS KMS) key.
  • C. Configure AWS Systems Manager to create encrypted copies of the EBS volumes. Reconfigure the EC2 instances to use the encrypted volumes.
  • D. Create a customer managed key in AWS Key Management Service (AWS KMS). Configure AWS Migration Hub to use the key when the company migrates workloads.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by viejito at May 10, 2024, 4:17 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Scheldon
Highly Voted 1 year ago
Selected Answer: A
AnswerA The task is to force automatic encryption for every new EBS volume and prevent possibility of creation any unencrypted volume hence: https://docs.aws.amazon.com/ebs/latest/userguide/work-with-ebs-encr.html#ebs-encryption_key_mgmt To enable encryption by default for a Region Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/. From the navigation bar, select the Region. From the navigation pane, select EC2 Dashboard. In the upper-right corner of the page, choose Account Attributes, Data protection and security. Choose Manage. Select Enable. You keep the AWS managed key with the alias alias/aws/ebs created on your behalf as the default encryption key, or choose a symmetric customer managed encryption key. Choose Update EBS encryption.
upvoted 10 times
...
FlyingHawk
Most Recent 4 months, 2 weeks ago
Selected Answer: A
https://docs.aws.amazon.com/ebs/latest/userguide/encryption-by-default.html You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example, Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot. For examples of transitioning from unencrypted to encrypted EBS resources, see https://docs.aws.amazon.com/ebs/latest/userguide/ebs-encryption.html#encrypt-unencrypted: To enable encryption by default for a Region %aws ec2 enable-ebs-encryption-by-default --region region In the upper-right corner of the page, choose Account Attributes, Data protection and security.
upvoted 1 times
...
LeonSauveterre
5 months ago
Selected Answer: B
A - This automatically encrypts all newly created volumes, but can't prevent unencrypted volumes. B - AWS Config can enforce and automate compliance by using a rule to check whether all EBS volumes are encrypted. C - Creating encrypted copies of volumes after they are created? Why bother to do this D - What does Migration Hub have to do with this... I don't understand.
upvoted 2 times
...
Xandero
6 months ago
Selected Answer: A
https://docs.aws.amazon.com/ebs/latest/userguide/encryption-by-default.html
upvoted 1 times
...
EdricHoang
11 months ago
Selected Answer: B
"The solution must also prevent the creation of unencrypted EBS volumes." For prevention future actions, I go for AWS config. You can setup Encryption in EC2, but Its manual process, what happen if you add one or more EC2?
upvoted 3 times
...
Scheldon
1 year ago
AnswerA https://docs.aws.amazon.com/ebs/latest/userguide/work-with-ebs-encr.html#ebs-encryption_key_mgmt To enable encryption by default for a Region Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/. From the navigation bar, select the Region. From the navigation pane, select EC2 Dashboard. In the upper-right corner of the page, choose Account Attributes, Data protection and security. Choose Manage. Select Enable. You keep the AWS managed key with the alias alias/aws/ebs created on your behalf as the default encryption key, or choose a symmetric customer managed encryption key. Choose Update EBS encryption.
upvoted 1 times
...
0bdf3af
1 year ago
A. https://repost.aws/knowledge-center/ebs-automatic-encryption
upvoted 2 times
...
lsomas
1 year ago
Selected Answer: B
As it needs to prevent creation of Unencrypted EBS volume
upvoted 3 times
...
viejito
1 year ago
B es correcto , AWS Config para identificar automáticamente los volúmenes de EBS no cifrados y aplicar una acción correctiva.A,C,D : incorrectas , no cumplen con el cifrado automático
upvoted 3 times
JA2018
6 months ago
From Google Translate B is OK, AWS Config to automatically identify unencrypted EBS volumes and apply corrective action. A,C,D: Incorrect, do not comply with
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel