ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Associate SAA-C02 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Associate SAA-C02 exam
Go to Exam

Exam AWS Certified Solutions Architect - Associate SAA-C02 topic 1 question 711 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Associate SAA-C02
Question #: 711
Topic #: 1
[All AWS Certified Solutions Architect - Associate SAA-C02 Questions]

A company needs to create an Amazon Elastic Kubernetes Service (Amazon EKS) cluster to host a digital media streaming application. The EKS cluster will use a managed node group that is backed by Amazon Elastic Block Store (Amazon EBS) volumes for storage. The company must encrypt all data at rest by using a customer managed key that is stored in AWS Key Management Service (AWS KMS).
Which combination of actions will meet this requirement with the LEAST operational overhead? (Choose two.)

  • A. Use a Kubernetes plugin that uses the customer managed key to perform data encryption.
  • B. After creation of the EKS cluster, locate the EBS volumes. Enable encryption by using the customer managed key.
  • C. Enable EBS encryption by default in the AWS Region where the EKS cluster will be created. Select the customer managed key as the default key.
  • D. Create the EKS cluster. Create an IAM role that has a policy that grants permission to the customer managed key. Associate the role with the EKS cluster.
  • E. Store the customer managed key as a Kubernetes secret in the EKS cluster. Use the customer managed key to encrypt the EBS volumes.
Show Suggested Answer Hide Answer
Suggested Answer: CD 🗳️
by guptatrng at Sept. 9, 2022, 4:51 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
guptatrng
Highly Voted 2 years, 7 months ago
B and D
upvoted 6 times
...
Danilus
Most Recent 5 months, 3 weeks ago
Selected Answer: CD
key-The company must encrypt all data at rest key- customer managed key key- Least operational overhead Is not A because a pluggin you have to install it so it its to much operational overhead is not B because you encrypt the EBS volume before creation is not E because is to much operational overhead the answer is C and D
upvoted 1 times
...
ruqui
1 year, 9 months ago
Selected Answer: CD
B is wrong (there's no way of encrypting an already existing EBS volume), answer is CD
upvoted 1 times
...
vassdlevi
1 year, 10 months ago
Selected Answer: CD
I don't agree with B. instead C takes care of newly created ebs volumes as well. Encryption by default allows you to ensure that all new EBS volumes created in your account are always encrypted, even if you don’t specify encrypted=true request parameter. You have the option to choose the default key to be AWS managed or a key that you create.
upvoted 1 times
...
BECAUSE
1 year, 11 months ago
Selected Answer: BD
B and D are the answers
upvoted 1 times
ruqui
1 year, 9 months ago
you can't encrypt an already existing EBS volume, the correct answer is CD
upvoted 1 times
...
...
sassy2023
2 years, 3 months ago
BD likely
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago