Exam AWS-SysOps topic 1 question 634 discussion

B should be correct If you want to delete an unencrypted-at-rest file system but want to retain the data, first create a new encrypted-at-rest file system. Next, copy the data over to the new encrypted-at-rest file system. https://docs.aws.amazon.com/efs/latest/ug/efs-enforce-encryption.html

should be B. https://docs.aws.amazon.com/efs/latest/ug/efs-enforce-encryption.html

By creating a new encrypted EFS file system, you can ensure that all data stored on it is encrypted at rest. When creating the encrypted EFS file system, you can enable the encryption option, which will encrypt the data using AWS Key Management Service (KMS) and a customer-managed CMK (Customer Master Key). After creating the new encrypted EFS file system, the data from the existing unencrypted EFS file system should be copied to the new encrypted file system. This can be done using various methods, such as using the EFS-to-EFS backup solution, rsync, or other data migration tools.

B. Create a new encrypted EFS file system and copy the data from the unencrypted EFS file system to the new encrypted EFS file system. Seem correct

B is correct as you can not modify EFS for encryption

I'll go with B

Ans is B I created 2 EFS in the console to try it out myself. Once you create an unencypted EFS you cannot switch it to encrpted later on. https://docs.aws.amazon.com/efs/latest/ug/efs-enforce-encryption.html

A. Update the EFS file system settings to enable server-side encryption using AES-256. https://docs.aws.amazon.com/efs/latest/ug/encryption-at-rest.html

should be B.

Encryption thumb rule:- S3 can be encrypted any time before and after creation. EBS ,RDS ,etc should be encrypted while creating only. So ANS:- B

B is correct

B is correct upvoted for saumenP reference and explanation.

It should be. You cannot encrypt an existing EFS