An existing application stores sensitive information on a non-boot Amazon EBS data volume attached to an
Amazon Elastic Compute Cloud instance. Which of the following approaches would protect the sensitive data
on an Amazon EBS volume?
A.
Upload your customer keys to AWS CloudHSM. Associate the Amazon EBS volume with AWS CloudHSM. Remount the Amazon EBS volume.
B.
Create and mount a new, encrypted Amazon EBS volume. Move the data to the new volume. Delete the old
Amazon EBS volume.
C.
Unmount the EBS volume. Toggle the encryption attribute to True. Re-mount the Amazon EBS volume.
D.
Snapshot the current Amazon EBS volume. Restore the snapshot to a new, encrypted Amazon EBS volume.
Mount the Amazon EBS volume