AWS Certified SysOps Administrator – Associate (legacy) — Question 5
An existing, deployed solution uses Amazon EC2 instances with Amazon EBS General Purpose SSD volumes, an Amazon RDS PostgreSQL database, an Amazon EFS file system, and static objects stored in an Amazon S3 bucket. The Security team now mandates that at-rest encryption be turned on immediately for all aspects of the application, without creating new resources and without any downtime.
To satisfy the requirements, which one of these services can the SysOps Administrator enable at-rest encryption on?
Answer options
- A. EBS General Purpose SSD volumes
- B. RDS PostgreSQL database
- C. Amazon EFS file systems
- D. S3 objects within a bucket
Correct answer: A
Explanation
The correct answer is A, because Amazon EBS allows for enabling encryption on existing volumes without needing to create new resources. The other options, such as RDS, EFS, and S3, either do not support enabling encryption on existing resources without downtime or require new instances or buckets to be created.