AWS Certified Developer – Associate (DVA-C02) — Question 13

A developer wants to expand an application to run in multiple AWS Regions. The developer wants to copy Amazon Machine Images (AMIs) with the latest changes and create a new application stack in the destination Region. According to company requirements, all AMIs must be encrypted in all Regions. However, not all the AMIs that the company uses are encrypted.
How can the developer expand the application to run in the destination Region while meeting the encryption requirement?

Answer options

• A. Create new AMIs, and specify encryption parameters. Copy the encrypted AMIs to the destination Region. Delete the unencrypted AMIs.
• B. Use AWS Key Management Service (AWS KMS) to enable encryption on the unencrypted AMIs. Copy the encrypted AMIs to the destination Region.
• C. Use AWS Certificate Manager (ACM) to enable encryption on the unencrypted AMIs. Copy the encrypted AMIs to the destination Region.
• D. Copy the unencrypted AMIs to the destination Region. Enable encryption by default in the destination Region.

Correct answer: A

Explanation

The correct answer is A because creating new AMIs with specified encryption parameters ensures that the AMIs are compliant with the encryption requirement before copying them to the destination Region. Option B is incorrect because AWS KMS cannot retroactively encrypt existing unencrypted AMIs without creating new ones. Option C is incorrect as AWS Certificate Manager (ACM) is not used for AMI encryption. Option D fails to meet the requirement since it allows unencrypted AMIs to be copied, which is against the company policy.