SAP-C02 Question 320
Question
A company's compliance audit reveals that some Amazon Elastic Block Store (Amazon EBS) volumes that were created in an AWS account were not encrypted. A solutions architect must implement a solution to encrypt all new EBS volumes at rest. Which solution will meet this requirement with the LEAST effort?
Options
A. Create an Amazon EventBridge rule to detect the creation of unencrypted EBS volumes. Invoke an AWS Lambda function to delete noncompliant volumes.
B. Use AWS Audit Manager with data encryption.
C. Create an AWS Config rule to detect the creation of a new EBS volume. Encrypt the volume by using AWS Systems Manager Automation.
D. Turn on EBS encryption by default in all AWS Regions.
Answer
D
Explanation
Correct answer: D Explanation: The best answer is D. Correct option: D. Turn on EBS encryption by default in all AWS Regions. Why this is correct: This option most directly satisfies the hard requirements in the question...