KMS Quiz
A customer wants to create a stream of EBS Volumes in AWS. The data on the volume is required to be encrypted at rest. How can this be achieved?
A. Create an SSL Certificate and attach it to the EBS Volume.
B. Use KMS to generate encryption keys which can be used to encrypt the volume.
Use CloudFront in front of the EBS Volume to encrypt all requests.
D. Use EBS Snapshots to encrypt the requests.
B. Use KMS to generate encryption keys which can be used to encrypt the volume.
For more information on using KMS, please refer to the below URL:
https://docs.aws.amazon.com/kms/latest/developerguide/services-ebs.html
Option A is incorrect since SSL helps to encrypt data in transit.
Option C is incorrect because it also does not help in encrypting the data at rest.
Option D is incorrect because the snapshot of an unencrypted volume is also unencrypted.