Answer-first summary for fast verification
Answer: Enable EBS encryption by default across all AWS Regions.
The correct answer is D. Enabling EBS encryption by default in all AWS Regions ensures that all new EBS volumes are encrypted without any additional effort or manual intervention. This approach meets the requirement with the least effort because it automates the encryption process and applies it universally across all new EBS volumes. Other options may require additional steps, configurations, and periodic checks, but turning on EBS encryption by default is a one-time setup that guarantees compliance for all future volumes.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
A company's compliance audit has identified that some Amazon Elastic Block Store (Amazon EBS) volumes created in their AWS account are not encrypted. A solutions architect is tasked with implementing a solution to ensure all new EBS volumes are encrypted at rest with minimal effort. Which of the following solutions would meet this requirement most efficiently?
A
Create an Amazon EventBridge rule to detect the creation of unencrypted EBS volumes and invoke an AWS Lambda function to delete noncompliant volumes.
B
Utilize AWS Audit Manager with data encryption capabilities.
C
Establish an AWS Config rule to detect the creation of new EBS volumes and use AWS Systems Manager Automation to encrypt these volumes.
D
Enable EBS encryption by default across all AWS Regions.