Topic 1 Question 410
A company is deploying a new application on Amazon EC2 instances. The application writes data to Amazon Elastic Block Store (Amazon EBS) volumes. The company needs to ensure that all data that is written to the EBS volumes is encrypted at rest.
Which solution will meet this requirement?
Create an IAM role that specifies EBS encryption. Attach the role to the EC2 instances.
Create the EBS volumes as encrypted volumes. Attach the EBS volumes to the EC2 instances.
Create an EC2 instance tag that has a key of Encrypt and a value of True. Tag all instances that require encryption at the EBS level.
Create an AWS Key Management Service (AWS KMS) key policy that enforces EBS encryption in the account. Ensure that the key policy is active.
ユーザの投票
コメント(8)
- 正解だと思う選択肢: B
The solution that will meet the requirement of ensuring that all data that is written to the EBS volumes is encrypted at rest is B. Create the EBS volumes as encrypted volumes and attach the encrypted EBS volumes to the EC2 instances.
When you create an EBS volume, you can specify whether to encrypt the volume. If you choose to encrypt the volume, all data written to the volume is automatically encrypted at rest using AWS-managed keys. You can also use customer-managed keys (CMKs) stored in AWS KMS to encrypt and protect your EBS volumes. You can create encrypted EBS volumes and attach them to EC2 instances to ensure that all data written to the volumes is encrypted at rest.
Answer A is incorrect because attaching an IAM role to the EC2 instances does not automatically encrypt the EBS volumes.
Answer C is incorrect because adding an EC2 instance tag does not ensure that the EBS volumes are encrypted.
👍 5Buruguduystunstugudunstuy2023/03/25 - 正解だと思う選択肢: B
Create encrypted EBS volumes and attach encrypted EBS volumes to EC2 instances..
👍 2WherecanIstart2023/03/19 - 正解だと思う選択肢: B
bbbbbbbb
👍 1taehyeki2023/03/10
シャッフルモード