Exam AWS-SysOps topic 1 question 165 discussion

https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/automatically-encrypt-existing-and-new-amazon-ebs-volumes.html

Encryption is allowed on micro instances

Correct Answer: C The flag for encryption must be enabled first. It's available for the free usage tier .

Answer is C.

Answer: A. Small glimse Supported instance types Amazon EBS encryption is available on the instance types listed below. You can attach both encrypted and unencrypted volumes to these instance types simultaneously. General purpose: A1, M3, M4, M5, M5a, M5ad, M5d, M5dn, M5n, M6g, T2, T3, and T3a Earlier it was not allowed in free tier, so the answer was B.

Answer is A.

I would think the answer should be C

No one check what the question is asked “free tier”, so only micro instances are eligible on free tire. Other instances can be use but not part of the free tier. So answer is B. Need to use third party software.

Could anyone please confirm if we can encrypt EBS Volumes once they are already created?

Answer is "C"

Answer is C. It says in the beginning "A user is trying to launch..." Hence, when launching an EC2, the user can select the option to encrypt the drive. If the question said something like " A user is trying the encrypt the EBS volumes on one of his EBS drives, attached to an EC2 instance". (A) would have been a possibility, however, remember you can't just encrypt an unencrypted EBS Volume on the fly like that. Just FYI

C. The user has to select the encryption enabled flag while launching the EC2 instance

"It is not supported with a micro instance. " It is not true. You can do it with a micro.

Bad Question > I dont undestand this question. whether they want to encrypt data at rest after launching or before launching..? Question says ..trying to launch that means not launched yet. But end of the sentence says data at rest..

The user has to select the encryption enabled flag while volume section. They triggered here.