A user is planning to schedule a backup for an EBS volume. The user wants security of the snapshot data. How can the user achieve data encryption with a snapshot?
A. Use encrypted EBS volumes so that the snapshot will be encrypted by AWS
B. While creating a snapshot select the snapshot with encryption
C. By default the snapshot is encrypted by AWS
D. Enable server side encryption for the snapshot using S3
Explanation:
AWS EBS supports encryption of the volume. It also supports creating volumes from existing snapshots,
provided the snapshots are created from encrypted volumes. The data at rest, the I/O, and all the
snapshots of an encrypted EBS volume are also encrypted. EBS encryption is based on the AES-256 cryptographic
algorithm, which is the industry standard.
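The inheritance rule in the explanation can be checked against an account inventory before backups are scheduled. The following is an added example, not part of the original page: it assumes JSON shaped like the output of `aws ec2 describe-volumes` and `aws ec2 describe-snapshots`, and the sample IDs, the key ARN and the function name are constructed for illustration.

```python
import json

# Constructed sample data shaped like `aws ec2 describe-volumes` and
# `aws ec2 describe-snapshots --owner-ids self` output (IDs are made up).
VOLUMES_JSON = """{"Volumes": [
  {"VolumeId": "vol-0aaa111122223333a", "Encrypted": true,
   "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"},
  {"VolumeId": "vol-0bbb111122223333b", "Encrypted": false}
]}"""
SNAPSHOTS_JSON = """{"Snapshots": [
  {"SnapshotId": "snap-0aaa111122223333a",
   "VolumeId": "vol-0aaa111122223333a", "Encrypted": true},
  {"SnapshotId": "snap-0bbb111122223333b",
   "VolumeId": "vol-0bbb111122223333b", "Encrypted": false},
  {"SnapshotId": "snap-0ccc111122223333c",
   "VolumeId": "vol-0ffffffffffffffff", "Encrypted": false}
]}"""


def audit_backup_encryption(volumes_doc, snapshots_doc):
    """Return (volume_findings, snapshot_findings) for unencrypted backup data."""
    volumes = {v["VolumeId"]: v for v in volumes_doc.get("Volumes", [])}
    volume_findings = []
    for vol_id, vol in sorted(volumes.items()):
        # A snapshot inherits the encryption state of its source volume, so a
        # scheduled backup of an unencrypted volume yields unencrypted snapshots.
        if not vol.get("Encrypted", False):
            volume_findings.append((vol_id, "future snapshots will be unencrypted"))
    snapshot_findings = []
    for snap in snapshots_doc.get("Snapshots", []):
        if snap.get("Encrypted", False):
            continue
        # The source volume may have been deleted since the snapshot was taken.
        src = snap.get("VolumeId")
        origin = "source volume present" if src in volumes else "source volume not in inventory"
        # Existing snapshots cannot be encrypted in place; a copy can be.
        snapshot_findings.append(
            (snap["SnapshotId"], "unencrypted, " + origin + "; encrypt via snapshot copy"))
    return volume_findings, snapshot_findings


if __name__ == "__main__":
    vols, snaps = audit_backup_encryption(
        json.loads(VOLUMES_JSON), json.loads(SNAPSHOTS_JSON))
    for resource_id, note in vols + snaps:
        print(resource_id + ": " + note)
```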
A
Encrypted Snapshots
When you copy a snapshot, you can choose to encrypt the copy (if the original snapshot was not encrypted) or you can specify a CMK different from the original one, and the resulting copied snapshot will use the new CMK. However, changing the encryption status of a snapshot or using a non-default EBS CMK during a copy operation always results in a full copy (not incremental), which may incur greater data transfer and storage charges.
So I like B.
Question here is to “Create” a new Snapshot from an EBS volume, and we can’t encrypt a new snapshot.
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-creating-snapshot.html
However, above you have mentioned a statement which is valid only when we “Copy” an existing unencrypted snapshot, which is not the case here!
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-copy-snapshot.html
So Answer is – A
Ans A
Refer to the link http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-creating-snapshot.html
Snapshots that are taken from encrypted volumes are automatically encrypted. Volumes that are created from encrypted snapshots are also automatically encrypted.
A
a
A.
Snapshots that are taken from encrypted volumes are automatically encrypted. Volumes that are created from encrypted snapshots are also automatically encrypted. The data in your encrypted volumes and any associated snapshots is protected both at rest and in motion.
Guys, what if I need to copy this snapshot after encryption? Can’t I do that without having the EBS encrypted in the first place?
The CopyImage action can be used to create an AMI with encrypted snapshots from an AMI with unencrypted snapshots. By default, CopyImage preserves the encryption status of source snapshots when creating destination copies. However, you can configure the parameters of the copy process to also encrypt the destination snapshots.
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIEncryption.html
I think the answer should be B
I agree – B.