AWS Certified Advanced Networking – Specialty (ANS-C00) — Question 135
You have many IAM users with the ability to create EC2 volumes. Most of the data your team works with is sensitive, so you would like to make sure all volumes are encrypted. How might you facilitate this requirement?
Answer options
- A. Create an AWS KMS policy and attach it to all IAM users that can create EC2 volumes.
- B. Use AWS Config and create a rule that requires all volumes, upon creation, be encrypted.
- C. Use AWS Config to send out reminders to IAM users every time they create an EC2 volume.
- D. Set EC2 to notify creators to encrypt their EC2 volumes.
Correct answer: B
Explanation
The correct answer is B because an AWS Config rule requires that all newly created EC2 volumes be encrypted, which meets your security requirement. Option A manages permissions rather than enforcing encryption, option C only reminds users without enforcing the rule, and option D simply notifies users without guaranteeing compliance.