Answer-first summary for fast verification
Answer: Set EBS encryption as the default in the AWS Region, using the customer-managed key., Create an EKS cluster with an IAM role allowing access to the customer-managed key.
The correct answers are C and D. Option C, 'Set EBS encryption as the default in the AWS Region, using the customer-managed key,' reduces operational overhead by ensuring all new EBS volumes are automatically encrypted with the customer-managed key. Option D, 'Create an EKS cluster with an IAM role allowing access to the customer-managed key,' ensures that the EKS cluster can use the customer-managed key without additional steps. These options together meet the requirement with minimal operational overhead.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
A company is setting up an Amazon EKS cluster for a digital media streaming app, using managed node groups with Amazon EBS for storage. They require data at rest encryption using a customer-managed AWS KMS key with minimal operational overhead. Which two actions meet this requirement?
A
Implement a Kubernetes plugin for data encryption with the customer-managed key.
B
Post-EKS creation, find EBS volumes and enable encryption with the customer-managed key.
C
Set EBS encryption as the default in the AWS Region, using the customer-managed key.
D
Create an EKS cluster with an IAM role allowing access to the customer-managed key.
E
Secure the customer-managed key as a Kubernetes secret for EBS volume encryption.
No comments yet.