A company wants to ensure that all new Amazon Elastic Block Store (EBS) volumes created in their AWS account are encrypted by default. <br/><br/>How can a solutions architect achieve this with the LEAST operational overhead?

Answer options:

Create an IAM policy that denies the ec2:CreateVolume action if the Encrypted flag is false.

Enable the 'EBS Encryption by Default' feature in the EC2 console for the AWS Region.

Use AWS Config to automatically remediate unencrypted volumes.

Write an AWS Lambda function triggered by CloudTrail to encrypt volumes after creation.

How to approach this question

Look for native, account-level settings that enforce encryption automatically.

Full Answer

B.Enable the 'EBS Encryption by Default' feature in the EC2 console for the AWS Region.✓ Correct

Enable the 'EBS Encryption by Default' feature in the EC2 console for the AWS Region.

You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. This is a regional setting and requires zero ongoing maintenance.

Common mistakes

Choosing IAM policies or AWS Config, which are more complex to manage.

Question 16 All questions Question 18

Practice the full AWS SAA-C03 Practice Exam 6

65 questions · hints · full answers · grading

More questions from this exam

Q01A company has multiple AWS accounts in an AWS Organizations organization. The security team wants...Medium Q02A company has two AWS accounts: Account A for development and Account B for production. Developer...Medium Q03A mobile application needs to authenticate users using their social media accounts (Facebook, Goo...Easy Q04A company is running an application on Amazon EC2 instances. The application needs to connect to ...Medium Q05A company has 50 AWS accounts managed by AWS Organizations. The IT team wants to implement a cent...Easy

View all 65 questions →