AWS Certified Cloud Practitioner — Question 493

Who enables encryption of data at rest for Amazon Elastic Block Store (Amazon EBS)?

Answer options

• A. AWS Support
• B. AWS customers
• C. AWS Key Management Service (AWS KMS)
• D. AWS Trusted Advisor

Correct answer: B

Explanation

Under the AWS Shared Responsibility Model, AWS customers are responsible for security in the cloud, which includes configuring and enabling encryption for their Amazon Elastic Block Store (Amazon EBS) volumes. While AWS Key Management Service (AWS KMS) provides and manages the encryption keys, it does not enable encryption on its own. AWS Support and AWS Trusted Advisor are support and optimization services that cannot make configuration changes to a customer's resources.