Domain 1.2: Security Controls — AWS SAP-C02 Practice Question 29

How to approach this question

Look for the native, foolproof account-level setting.

Full Answer

C.Enable 'EBS Encryption by Default' at the account level in all regions.✓ Correct

Enable 'EBS Encryption by Default' at the account level in all regions.

AWS provides a native account-level setting called 'EBS Encryption by Default'. When enabled, it ensures that all new EBS volumes created in the account/region are encrypted, fulfilling strict compliance requirements preventatively.

Common mistakes

Relying on IAM policies, which are complex to manage and can have gaps.

An enterprise has a strict compliance requirement that all Amazon EBS volumes must be encrypted. They want to ensure that no unencrypted EBS volumes can be created in their AWS accounts, even by administrators. What is the MOST robust way to enforce this?

How to approach this question

Full Answer

Common mistakes

Practice the full AWS Solutions Architect Professional SAP-C02 Practice Exam 7

More questions from this exam