Which solution will meet this requirement with the LEAST effort?

By:
In: SAP-C02
Tagged:
With: 1 Comment
A company’s compliance audit reveals that some Amazon Elastic Block Store (Amazon EBS) volumes that were created in an AWS account were not encrypted.A solutions architect must implement a solution to encrypt all new EBS volumes at rest.

Which solution will meet this requirement with the LEAST effort?

Create an Amazon EventBridge rule to detect the creation of unencrypted EBS volumes. Invoke an AWS Lambda function to delete noncompliant volumes.

Use AWS Audit Manager with data encryption.

Create an AWS Config rule to detect the creation of a new EBS volume. Encrypt the volume by using AWS Systems Manager Automation.

Turn on EBS encryption by default in all AWS Regions.

Explanations:

While detecting unencrypted volumes is possible, deleting them adds operational complexity and doesn’t encrypt new volumes automatically.

AWS Audit Manager helps with compliance tracking but does not enforce encryption settings or automatically encrypt volumes.

Although AWS Config can monitor and enforce compliance, using Systems Manager Automation to encrypt volumes requires manual intervention and is more complex.

Turning on EBS encryption by default ensures that all newly created volumes are encrypted automatically with minimal effort.

2025-10-18

1 Comment

  1. Amber
    Author

    I think the answer is:
    Turn on EBS encryption by default in all AWS Regions.

Leave a Reply

Your email address will not be published. Required fields are marked *

9 − 9 =