AWS Certified SysOps Administrator – Associate (legacy) — Question 866

How can you secure data at rest on an EBS volume?

Answer options

• A. Encrypt the volume using the S3 server-side encryption service.
• B. Attach the volume to an instance using EC2's SSL interface.
• C. Create an IAM policy that restricts read and write access to the volume.
• D. Write the data randomly instead of sequentially.
• E. Use an encrypted file system m top of the EBS volume.

Correct answer: C

Explanation

Creating an IAM policy that restricts read and write access to the EBS volume secures the data at rest by ensuring only authorized entities can access or modify it. Other options, such as using S3 server-side encryption, are technically incompatible with EBS volumes, while using SSL interfaces only secures data in transit rather than at rest.