Topic 1 Question 887
A company plans to rehost an application to Amazon EC2 instances that use Amazon Elastic Block Store (Amazon EBS) as the attached storage.
A solutions architect must design a solution to ensure that all newly created Amazon EBS volumes are encrypted by default. The solution must also prevent the creation of unencrypted EBS volumes.
Which solution will meet these requirements?
Configure the EC2 account attributes to always encrypt new EBS volumes.
Use AWS Config. Configure the encrypted-volumes identifier. Apply the default AWS Key Management Service (AWS KMS) key.
Configure AWS Systems Manager to create encrypted copies of the EBS volumes. Reconfigure the EC2 instances to use the encrypted volumes.
Create a customer managed key in AWS Key Management Service (AWS KMS). Configure AWS Migration Hub to use the key when the company migrates workloads.
ユーザの投票
コメント(9)
- 正解だと思う選択肢: A
AnswerA The task is to force automatic encryption for every new EBS volume and prevent possibility of creation any unencrypted volume hence:
https://docs.aws.amazon.com/ebs/latest/userguide/work-with-ebs-encr.html#ebs-encryption_key_mgmt To enable encryption by default for a Region Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
From the navigation bar, select the Region.
From the navigation pane, select EC2 Dashboard.
In the upper-right corner of the page, choose Account Attributes, Data protection and security.
Choose Manage.
Select Enable. You keep the AWS managed key with the alias alias/aws/ebs created on your behalf as the default encryption key, or choose a symmetric customer managed encryption key.
Choose Update EBS encryption.
👍 9Scheldon2024/05/29 B es correcto , AWS Config para identificar automáticamente los volúmenes de EBS no cifrados y aplicar una acción correctiva.A,C,D : incorrectas , no cumplen con el cifrado automático
👍 3viejito2024/05/10- 正解だと思う選択肢: B
As it needs to prevent creation of Unencrypted EBS volume
👍 3lsomas2024/05/12
シャッフルモード