A user is planning to schedule a backup for an EBS volume. The user wants security of the snapshot data. How can the
user achieve data encryption with a snapshot?
A.
Use encrypted EBS volumes so that the snapshot will be encrypted by AWS
B.
While creating a snapshot select the snapshot with encryption
C.
By default the snapshot is encrypted by AWS
D.
Enable server side encryption for the snapshot using S3
Explanation:
AWS EBS supports encryption of the volume. It also supports creating volumes from existing snapshots provided the
snapshots are created from encrypted volumes. The data at rest, the I/O as well as all the snapshots of the encrypted
EBS will also be encrypted. EBS encryption is based on the AES-256 cryptographic algorithm, which is the industry
standard.
A
0
0
A is the right answer coz aws will encrypt the ebs volume which encryption enabled during creation. you cant share the volume hence it is encrypted
0
0
A
0
0
When you create an encrypted EBS volume and attach it to a supported instance type, the following types of data are encrypted:
Data at rest inside the volume
All data moving between the volume and the instance
All snapshots created from the volume
The encryption occurs on the servers that host EC2 instances, providing encryption of data-in-transit from EC2 instances to EBS storage.
Amazon EBS encryption uses AWS Key Management Service (AWS KMS) customer master keys (CMK) when creating encrypted volumes and any snapshots created from them. The first time you create an encrypted volume in a region, a default CMK is created for you automatically. This key is used for Amazon EBS encryption unless you select a CMK that you created separately using AWS KMS. Creating your own CMK gives you more flexibility, including the ability to create, rotate, and disable keys to define access controls, and to audit the encryption keys used to protect your data. For more information, see the AWS Key Management Service Developer Guide.
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html
0
0