Topic 1 Question 27
A developer wants to expand an application to run in multiple AWS Regions. The developer wants to copy Amazon Machine Images (AMIs) with the latest changes and create a new application stack in the destination Region. According to company requirements, all AMIs must be encrypted in all Regions. However, not all the AMIs that the company uses are encrypted. How can the developer expand the application to run in the destination Region while meeting the encryption requirement?
Create new AMIs, and specify encryption parameters. Copy the encrypted AMIs to the destination Region. Delete the unencrypted AMIs.
Use AWS Key Management Service (AWS KMS) to enable encryption on the unencrypted AMIs. Copy the encrypted AMIs to the destination Region.
Use AWS Certificate Manager (ACM) to enable encryption on the unencrypted AMIs. Copy the encrypted AMIs to the destination Region.
Copy the unencrypted AMIs to the destination Region. Enable encryption by default in the destination Region.
ユーザの投票
コメント(9)
- 正解だと思う選択肢: A
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIEncryption.html Encrypt an unencrypted image during copy In this scenario, an AMI backed by an unencrypted root snapshot is copied to an AMI with an encrypted root snapshot. The CopyImage action is invoked with two encryption parameters, including a customer managed key.
A is the only logical answer.
👍 3anhike2023/03/27 - 正解だと思う選択肢: A
you cannot encrypt an existing unencrypted AMI. you need to create an ami with encryption enabled and change its region, so answer is B
👍 2srikanth9232023/03/25 - 正解だと思う選択肢: A
read the question carefully. yes, we can use kms to encrypt ami and use in multiple regions. but you cannot direct applying kms encryption on non encrypted AMI. Answer B is wrong.
👍 25aga2023/04/03
シャッフルモード