AWS Certified SysOps Administrator – Associate (legacy) — Question 169

A user is planning to schedule a backup for an existing EBS volume. The user wants the backup to be created through snapshot, and for it to be encrypted. How can the user achieve data encryption with a snapshot?

Answer options

• A. Encrypt the existing EBS volumes so that the snapshot will be encrypted by AWS when it is cre-ated
• B. By default the snapshot is encrypted by AWS
• C. While creating a snapshot select the snapshot with encryption
• D. Enable server side encryption for the snapshot using S3

Correct answer: A

Explanation

The correct answer is A because EBS volumes must be encrypted prior to creating a snapshot to ensure that the snapshot inherits the encryption. Option B is incorrect as snapshots are not encrypted by default unless the source volume is encrypted. Option C is misleading as it suggests that you can select encryption at the time of snapshot creation, which is not accurate if the volume is not previously encrypted. Option D is incorrect as server-side encryption with S3 does not apply to EBS snapshots.