AWS Certified Developer – Associate — Question 432

A company is building a compute-intensive application that will run on a fleet of Amazon EC2 instances. The application uses attached Amazon EBS disks for storing data. The application will process sensitive information and all the data must be encrypted.
What should a Developer do to ensure the data is encrypted on disk without impacting performance?

Answer options

• A. Configure the Amazon EC2 instance fleet to use encrypted EBS volumes for storing data.
• B. Add logic to write all data to an encrypted Amazon S3 bucket.
• C. Add a custom encryption algorithm to the application that will encrypt and decrypt all data.
• D. Create a new Amazon Machine Image (AMI) with an encrypted root volume and store the data to ephemeral disks.

Correct answer: A

Explanation

Amazon EBS encryption is handled directly by the EC2 virtualization host, utilizing hardware-accelerated encryption to ensure there is no impact on application latency or performance. Implementing custom application-level encryption would consume valuable CPU cycles on a compute-intensive application, while storing data in Amazon S3 or ephemeral disks would deviate from the requirement of using attached Amazon EBS volumes.