Topic 1 Question 371
2 つ選択A company needs to create an Amazon Elastic Kubernetes Service (Amazon EKS) cluster to host a digital media streaming application. The EKS cluster will use a managed node group that is backed by Amazon Elastic Block Store (Amazon EBS) volumes for storage. The company must encrypt all data at rest by using a customer managed key that is stored in AWS Key Management Service (AWS KMS).
Which combination of actions will meet this requirement with the LEAST operational overhead?
Use a Kubernetes plugin that uses the customer managed key to perform data encryption.
After creation of the EKS cluster, locate the EBS volumes. Enable encryption by using the customer managed key.
Enable EBS encryption by default in the AWS Region where the EKS cluster will be created. Select the customer managed key as the default key.
Create the EKS cluster. Create an IAM role that has a policy that grants permission to the customer managed key. Associate the role with the EKS cluster.
Store the customer managed key as a Kubernetes secret in the EKS cluster. Use the customer managed key to encrypt the EBS volumes.
ユーザの投票
コメント(15)
- 正解だと思う選択肢: CD👍 5asoli2023/03/18
- 正解だと思う選択肢: BD
B & D Do exactly what's required in a very simple way with the least overhead.
Options C affects all EBS volumes in the region which is absolutely not necessary here.
👍 4UnluckyDucky2023/03/18 - 正解だと思う選択肢: BD
Quickly rule out A (which plugin? > overhead) and E because of bad practice
Among B,C,D: B and C are functionally similar > choice must be between B or C, D is fixed
Between B and C: C is out since it set default for all EBS volume in the region, which is more than required and even wrong, say what if other EBS volumes of other applications in the region have different requirement?
👍 4imvb882023/04/17
シャッフルモード