Easy · 1 mark · Multiple Choice
Domain 1.3: Data Security · Security · EBS · Encryption

AWS SAA-C03 · Question 09 · Domain 1.3: Data Security

A company wants to ensure that all Amazon EBS volumes created in its AWS account are encrypted by default.

How can a solutions architect achieve this with the LEAST operational overhead?

Answer options:

A. Create an AWS Config rule to evaluate EBS volumes and trigger an AWS Lambda function to encrypt unencrypted volumes.

B. Enable the 'EBS Encryption by Default' feature in the EC2 console for the specific AWS Region.

C. Use an IAM policy with a condition that denies the ec2:CreateVolume action if the Encrypted flag is false.

D. Create an AWS CloudTrail trail to monitor volume creation and alert administrators to manually encrypt them.

How to approach this question

Look for the simplest, native AWS feature to enforce a default behavior.

Full Answer

B. Enable the 'EBS Encryption by Default' feature in the EC2 console for the specific AWS Region. ✓ Correct

You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. When you enable encryption by default, Amazon EBS encrypts the resulting volumes using your default KMS key.

Common mistakes

Choosing IAM policies or Config rules, which require more effort to set up and maintain.
