
AWS Certified Solutions Architect - Associate
A company with AWS Organizations enabled uses Amazon EC2 in the ap-southeast-2 Region and is restricted by an SCP from creating resources in other Regions. A security policy mandates encryption of data at rest. An audit found unencrypted Amazon EBS volumes attached to EC2 instances. The company seeks a solution to ensure all new EC2 instances in ap-southeast-2 use encrypted EBS volumes, with minimal disruption to employees creating EBS volumes. Which two-step solution meets these criteria?
Explanation:
The correct answers are A and E. Option A suggests setting a default encryption key for EBS volumes in the Amazon EC2 console. This ensures that all new EBS volumes are encrypted by default without requiring any additional actions from employees. Option E suggests specifying the Default EBS volume encryption setting in the Organizations management account, which ensures that all new volumes are encrypted across the organization. Together, these solutions ensure compliance with the encryption requirement and minimize the impact on employees who create EBS volumes.