AWS Certified SysOps Administrator – Associate (legacy) — Question 98

An organization created an Amazon Elastic File System (Amazon EFS) volume with a file system ID of fs-85ba41fc, and it is actively used by 10 Amazon EC2 hosts. The organization has become concerned that the file system is not encrypted.
How can this be resolved?

Answer options

• A. Enable encryption on each host's connection to the Amazon EFS volume. Each connection must be recreated for encryption to take effect.
• B. Enable encryption on the existing EFS volume by using the AWS Command Line Interface.
• C. Enable encryption on each host's local drive. Restart each host to encrypt the drive.
• D. Enable encryption on a newly created volume and copy all data from the original volume. Reconnect each host to the new volume.

Correct answer: D

Explanation

The correct answer is D because enabling encryption on a newly created volume ensures that all data is secured, as existing EFS volumes cannot be encrypted after creation. Options A and B are incorrect because they do not provide a means to encrypt the existing volume directly. Option C is also wrong, as encrypting local drives does not affect the EFS volume itself.