Exam4Training

What is the BEST way to monitor, on a recurring basis, whether all EBS volumes are encrypted?

Auditors for a health care company have mandated that all data volumes be encrypted at rest Infrastructure is deployed mainly via IAM CloudFormation however third-party frameworks and manual deployment are required on some legacy systems

What is the BEST way to monitor, on a recurring basis, whether all EBS volumes are encrypted?
A . On a recurring basis, update an IAM user policies to require that EC2 instances are created with an encrypted volume
B . Configure an IAM Config rule lo run on a recurring basis ‘or volume encryption
C . Set up Amazon Inspector rules tor volume encryption to run on a recurring schedule
D . Use CloudWatch Logs to determine whether instances were created with an encrypted volume

Answer: B

Explanation:

To support answer B, use the reference https://d1.IAMstatic.com/whitepapers/IAM-security-whitepaper.pdf

"For example, IAM Config provides a managed IAM Config Rules to ensure that encryption is turned on for all EBS volumes in your account."

Latest SCS-C02 Dumps Valid Version with 235 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Exit mobile version