
Answer-first summary for fast verification
Answer: Establish an organization within AWS Organizations, deploy AWS Control Tower, and activate the strongly recommended controls (guardrails). Integrate all accounts into the organization and categorize them into organizational units (OUs). Generate a snapshot of each unencrypted volume, create a new encrypted volume from the snapshot, detach the original unencrypted volume, and replace it with the newly created encrypted volume.
Option A involves establishing an organization in AWS Organizations, deploying AWS Control Tower, and activating strongly recommended controls (guardrails). These controls will help detect whether Amazon EBS volumes attached to Amazon EC2 instances are encrypted, which addresses the requirement of ensuring unencrypted volumes are detected automatically in the future. Option C outlines the best method to perform encryption of the existing unencrypted volumes. By creating a snapshot, then a new encrypted volume from this snapshot and replacing the unencrypted volume with the encrypted one, the architect ensures that all volumes are securely encrypted. Thus, the combination of A and C meets all the requirements.
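The snapshot-and-replace sequence from option C, written out as an added example (not part of the original page). The functions take a boto3 EC2 client; `RecordingEC2`, `SAMPLE` and every resource ID are constructed stand-ins so the call order can be run and inspected without an AWS account.

```python
from types import SimpleNamespace

def unencrypted_attached(volumes):
    """Keep unencrypted, attached volumes from a describe_volumes()['Volumes'] list."""
    return [v for v in volumes if not v["Encrypted"] and v["Attachments"]]

def replace_with_encrypted(ec2, vol):
    """Snapshot, create encrypted copy, detach original, attach copy; return new id."""
    # Stop the instance (or quiesce writes) first so the snapshot is consistent.
    att = vol["Attachments"][0]
    snap_id = ec2.create_snapshot(VolumeId=vol["VolumeId"])["SnapshotId"]
    ec2.get_waiter("snapshot_completed").wait(SnapshotIds=[snap_id])
    # Encrypted=True on restore encrypts the copy; the AZ must match the instance.
    new_id = ec2.create_volume(SnapshotId=snap_id, Encrypted=True,
                               AvailabilityZone=vol["AvailabilityZone"])["VolumeId"]
    ec2.get_waiter("volume_available").wait(VolumeIds=[new_id])
    ec2.detach_volume(VolumeId=vol["VolumeId"], InstanceId=att["InstanceId"])
    ec2.get_waiter("volume_available").wait(VolumeIds=[vol["VolumeId"]])
    # Reuse the original device name so the instance sees the volume where it expects.
    ec2.attach_volume(VolumeId=new_id, InstanceId=att["InstanceId"], Device=att["Device"])
    return new_id

class RecordingEC2:
    """Constructed stand-in for boto3.client('ec2'): records calls, contacts nothing."""
    RESULTS = {"create_snapshot": {"SnapshotId": "snap-EXAMPLE"},
               "create_volume": {"VolumeId": "vol-NEW-EXAMPLE"}}
    def __init__(self):
        self.calls = []
    def _recorder(self, name):
        def call(**kwargs):
            self.calls.append((name, kwargs))
            return self.RESULTS.get(name, {})
        return call
    def __getattr__(self, name):  # any API method not defined here is just recorded
        return self._recorder(name)
    def get_waiter(self, name):
        return SimpleNamespace(wait=self._recorder("wait:" + name))

# Constructed sample shaped like describe_volumes()["Volumes"].
SAMPLE = [
    {"VolumeId": "vol-OLD-EXAMPLE", "Encrypted": False, "AvailabilityZone": "us-east-1a",
     "Attachments": [{"InstanceId": "i-EXAMPLE", "Device": "/dev/sdf"}]},
    {"VolumeId": "vol-ENC-EXAMPLE", "Encrypted": True, "AvailabilityZone": "us-east-1a",
     "Attachments": [{"InstanceId": "i-EXAMPLE", "Device": "/dev/sdg"}]},
]

def demo():
    ec2 = RecordingEC2()
    new_ids = [replace_with_encrypted(ec2, v) for v in unencrypted_attached(SAMPLE)]
    return new_ids, ec2.calls
```

Against a real account, pass `boto3.client("ec2")` instead of `RecordingEC2()` and delete the old volume only after the instance has been verified on the encrypted copy.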
Author: LeetQuiz Editorial Team
A company with multiple AWS accounts has identified numerous unencrypted Amazon Elastic Block Store (Amazon EBS) volumes attached to Amazon EC2 instances following a recent security audit. To address this, a solutions architect is tasked with encrypting these unencrypted volumes and implementing a future-proof mechanism to automatically detect any new unencrypted volumes. Furthermore, the company seeks a centralized solution to manage and enforce compliance and security across all AWS accounts. What are the recommended steps for the solutions architect to achieve these objectives? (Select two options.)
A
Establish an organization within AWS Organizations, deploy AWS Control Tower, and activate the strongly recommended controls (guardrails). Integrate all accounts into the organization and categorize them into organizational units (OUs).
B
Utilize the AWS CLI to identify all unencrypted volumes across all AWS accounts and execute a script to encrypt these volumes directly.
C
Generate a snapshot of each unencrypted volume, create a new encrypted volume from the snapshot, detach the original unencrypted volume, and replace it with the newly created encrypted volume.
D
Set up an organization in AWS Organizations, configure AWS Control Tower, and enable the mandatory controls (guardrails). Incorporate all accounts into the organization and categorize them into organizational units (OUs).
E
Enable AWS CloudTrail and set up an Amazon EventBridge rule to automatically detect and encrypt any unencrypted volumes.