A company with multiple AWS accounts has identified numerous unencrypted Amazon Elastic Block Store (Amazon EBS) volumes attached to Amazon EC2 instances following a recent security audit. To address this, a solutions architect is tasked with encrypting these unencrypted volumes and implementing a future-proof mechanism to automatically detect any new unencrypted volumes. Furthermore, the company seeks a centralized solution to manage and enforce compliance and security across all AWS accounts. What are the recommended steps for the solutions architect to achieve these objectives? (Select two options.)

Exam-Like

Establish an organization within AWS Organizations, deploy AWS Control Tower, and activate the strongly recommended controls (guardrails). Integrate all accounts into the organization and categorize them into organizational units (OUs).

42.9%

Utilize the AWS CLI to identify all unencrypted volumes across all AWS accounts and execute a script to encrypt these volumes directly.

0.0%

Generate a snapshot of each unencrypted volume, create a new encrypted volume from the snapshot, detach the original unencrypted volume, and replace it with the newly created encrypted volume.

28.6%

Set up an organization in AWS Organizations, configure AWS Control Tower, and enable the mandatory controls (guardrails). Incorporate all accounts into the organization and categorize them into organizational units (OUs).

7.1%

Enable AWS CloudTrail and set up an Amazon EventBridge rule to automatically detect and encrypt any unencrypted volumes.

21.4%

AWS Certified Solutions Architect - Professional

Get started today

Comments