How can you secure data at rest on an EBS volume?
A.
Write the data randomly instead of sequentially.
B.
Use an encrypted file system on top of the BBS volume.
C.
Encrypt the volume using the S3 server-side encryption service.
D.
Create an IAM policy that restricts read and write access to the volume.
E.
Attach the volume to an instance using EC2’s SSL interface.
B
B
B
Why wouldn’t you use EBS Encryption?
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html
Encrypt the volume using the S3 server-side encryption service
C: https://aws.amazon.com/blogs/aws/protect-your-data-with-new-ebs-encryption/
O wait didnt read that article properly… 🙂 Yeah probably B then
Check this: https://media.amazonwebservices.com/AWS_Securing_Data_at_Rest_with_Encryption.pdf
Under the EBS section we have: “Another option would be to use
file system-level encryption, which works by stacking an encrypted file system on top of an existing file system”
So yeah B
B
B
Page 5
whitepaper:https://d0.awsstatic.com/whitepapers/aws-securing-data-at-rest-with-encryption.pdf
B
I believe it s C from the link platt posted
https://aws.amazon.com/blogs/aws/protect-your-data-with-new-ebs-encryption/
It’s not C; C is a trick answer as it’s taking about S3 encryption (which is encryption on S3, not EBS). The question is about EBS, an d the only applicable answer is to use an encrypted file system. EBS encryption is possible, but there’s no answer with that option….
Ans B
F – encrypt the volume using EBS encryption while creating the volume
G – take a snapshot of the volume, create a new volume from that shapshot and enable encryption. Attach that new volume back to the instance.