AWS Certified SysOps Administrator – Associate (legacy) — Question 294
A user is planning to schedule a backup for an EBS volume. The user wants the snapshot data to be secure. How can the user achieve data encryption with a snapshot?
Answer options
- A. Use encrypted EBS volumes so that the snapshot will be encrypted by AWS
- B. While creating a snapshot, select the snapshot with encryption
- C. By default, the snapshot is encrypted by AWS
- D. Enable server-side encryption for the snapshot using S3
Correct answer: A
Explanation
Amazon EBS snapshots automatically inherit the encryption state of the source EBS volume, meaning snapshots of an encrypted volume are always encrypted using the same KMS key. There is no option to manually encrypt a snapshot during its creation from an unencrypted volume, and snapshots are not encrypted by default unless the source volume is encrypted or region-level EBS encryption by default is enabled. Additionally, users cannot directly configure S3 server-side encryption settings for EBS snapshots.