Topic 1 Question 120
2 つ選択A company is designing a new application stack. The design includes web servers and backend servers that are hosted on Amazon EC2 instances. The design also includes an Amazon Aurora MySQL DB cluster.
The EC2 instances are in an Auto Scaling group that uses launch templates. The EC2 instances for the web layer and the backend layer are backed by Amazon Elastic Block Store (Amazon EBS) volumes. No layers are encrypted at rest A security engineer needs to implement encryption at rest.
Which combination of steps will meet these requirements?
Modify EBS default encryption settings in the target AWS Region to enable encryption. Use an Auto Scaling group instance refresh.
Modify the launch templates for the web layer and the backend layer to add AWS Certificate Manager (ACM) encryption for the attached EBS volumes. Use an Auto Scaling group instance refresh.
Create a new AWS Key Management Service (AWS KMS) encrypted DB cluster from a snapshot of the existing DB cluster.
Apply AWS Key Management Service (AWS KMS) encryption to the existing DB cluster.
Apply AWS Certificate Manager (ACM) encryption to the existing DB cluster.
ユーザの投票
コメント(5)
- 正解だと思う選択肢: AC
A/C B - You don't use ACM for encryption, it's KMS D - You can't encrypt an existing cluster, you need to snapshot, then encrypt with KMS E - Same as B
👍 4aescudero512024/05/23 - 正解だと思う選択肢: AC
AC . You can not encrypt ebs with ACM.
👍 2danish12342024/05/11 AC . All other options are joke.
👍 1danish12342024/05/11
シャッフルモード