How can you secure data at rest on an EBS volume?

A.
Encrypt the volume using the S3 server-side encryption service.
B.
Attach the volume to an instance using EC2’s SSL interface.
C.
Create an IAM policy that restricts read and write access to the volume.
D.
Write the data randomly instead of sequentially.
E.
Use an encrypted file system on top of the EBS volume.
Explanation:
http://docs.aws.amazon.com/IAM/latest/UserGuide/policies_examples.html
Answer should be A.
https://aws.amazon.com/blogs/aws/protect-your-data-with-new-ebs-encryption/
Correct answer is E
Since there is no service called S3 server side encryption in AWS
There is one:
http://aws.amazon.com/blogs/aws/new-amazon-s3-server-side-encryption/
It's related to S3; the question is about EBS volume at rest, not S3 at rest.
I like E for the answer
https://d0.awsstatic.com/whitepapers/AWS_Securing_Data_at_Rest_with_Encryption.pdf
page 6.
E is the correct answer
Old question, E was (still is) correct. But now you can encrypt an EBS volume on instance creation.
Bad question….
Amazon EBS
Amazon Elastic Block Store (Amazon EBS) provides block-level storage volumes for use with Amazon EC2 instances. Amazon EBS volumes are network-attached, and persist independently from the life of an instance.
Because Amazon EBS volumes are presented to an instance as a block device, you can leverage most standard encryption tools for file system-level or block-level encryption.
Block level encryption
Block level encryption tools usually operate below the file system layer using kernel space device drivers to perform encryption and decryption of data.
These tools are useful when you want all data written to a volume to be encrypted regardless of what directory the data is stored in.
File System level encryption
File system level encryption usually works by stacking an encrypted file system on top of an existing file system.
This method is typically used to encrypt a specific directory.
These solutions require you to provide keys, either manually or from your KMI.
Both block-level and file system-level encryption tools can only be used to encrypt data volumes that are not Amazon EBS boot volumes, as they don’t allow you to automatically make a trusted key available to the boot volume at startup.
There are third party solutions available, which can help encrypt both the boot and data volumes as well as supplying and protecting keys.
E is the correct answer; you can overlay EBS via EFS like LUKS.
E, this was on the Developer Associate exam and is mentioned in the EBS docs.
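
The thread above separates three cases: volumes encrypted by EBS itself at creation, data volumes that can carry block-level or file-system-level encryption inside the instance, and boot volumes, which the quoted whitepaper text says those in-instance tools cannot cover. The following is an added example, not part of the original thread and not AWS code, that sorts an inventory into those cases. It assumes input shaped like EC2 DescribeInstances and DescribeVolumes responses; the sample records, IDs and finding labels are constructed for illustration.

```python
# Constructed sample data shaped like EC2 DescribeInstances / DescribeVolumes
# responses (only the fields used here). All IDs and the key ARN are made up.
INSTANCES = {"Reservations": [{"Instances": [
    {"InstanceId": "i-0aaa", "RootDeviceName": "/dev/xvda"},
]}]}
VOLUMES = {"Volumes": [
    {"VolumeId": "vol-0root", "Encrypted": False,
     "Attachments": [{"InstanceId": "i-0aaa", "Device": "/dev/xvda"}]},
    {"VolumeId": "vol-0data", "Encrypted": False,
     "Attachments": [{"InstanceId": "i-0aaa", "Device": "/dev/sdf"}]},
    {"VolumeId": "vol-0kms", "Encrypted": True,
     "KmsKeyId": "arn:aws:kms:EXAMPLE",
     "Attachments": [{"InstanceId": "i-0aaa", "Device": "/dev/sdg"}]},
    {"VolumeId": "vol-0free", "Encrypted": False, "Attachments": []},
]}


def root_devices(instances):
    """Map each instance ID to the device name of its boot volume."""
    return {inst["InstanceId"]: inst.get("RootDeviceName")
            for res in instances.get("Reservations", [])
            for inst in res.get("Instances", [])}


def classify(volume, roots):
    """Return one finding label (hypothetical names) for a volume record."""
    if volume.get("Encrypted"):
        return "ebs-encrypted"            # encrypted by EBS itself
    attachments = volume.get("Attachments", [])
    for att in attachments:
        if roots.get(att["InstanceId"]) == att["Device"]:
            # Boot volume: in-instance block/file-system tools do not apply.
            return "unencrypted-boot"
    if attachments:
        # The API cannot see encryption done inside the guest (option E),
        # so this volume needs an in-instance check.
        return "unencrypted-data"
    return "unencrypted-unattached"


def audit(instances, volumes):
    """Classify every volume in the inventory; returns {VolumeId: label}."""
    roots = root_devices(instances)
    return {v["VolumeId"]: classify(v, roots)
            for v in volumes.get("Volumes", [])}


if __name__ == "__main__":
    for vol_id, finding in audit(INSTANCES, VOLUMES).items():
        print(f"{vol_id}\t{finding}")
```
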