AWS Certified Solutions Architect – Professional — Question 374
Your company policies require encryption of sensitive data at rest. You are considering the possible options for protecting data while storing it at rest on an EBS data volume, attached to an EC2 instance.
Which of these options would allow you to encrypt your data at rest? (Choose three.)
Answer options
- A. Implement third party volume encryption tools
- B. Implement SSL/TLS for all services running on the server
- C. Encrypt data inside your applications before storing it on EBS
- D. Encrypt data using native data encryption drivers at the file system level
- E. Do nothing as EBS volumes are encrypted by default
Correct answer: A, C, D
Explanation
Data at rest on EBS can be secured using application-level encryption, file-system level encryption drivers, or third-party volume encryption tools. SSL/TLS is designed to protect data in transit rather than data at rest. Additionally, EBS volumes are not encrypted by default unless account-level default encryption has been explicitly configured.