Which action will meet these requirements?
Create an encrypted copy of manual snapshot of the DB instance. Restore a new DB instance from the encrypted snapshot.
Modify the DB instance and enable encryption.
Restore a DB instance from the most recent automated snapshot and enable encryption.
Create an encrypted read replica of the DB instance. Promote the read replica to a standalone instance.
Explanations:
Creating an encrypted copy of a manual snapshot is the correct approach. When you create a manual snapshot of the DB instance, you can specify encryption. Restoring from this snapshot results in a new DB instance that is encrypted at rest, thereby meeting the compliance requirement.
You cannot modify an existing DB instance to enable encryption after it has been created without encryption. Encryption must be set at the time of creation; therefore, modifying the existing instance directly is not an option.
Restoring a DB instance from an automated snapshot does not allow you to enable encryption. Similar to option B, the encryption setting must be configured at the instance creation stage, making this option invalid for meeting the compliance requirement.
While creating an encrypted read replica is a valid option, it does not satisfy the compliance requirement directly. Promoting the read replica does create an encrypted standalone instance, but this indirect method is not the most straightforward way to ensure compliance and may involve additional steps and considerations.
I plot that the answer is:
Create an encrypted copy of manual snapshot of the DB instance. Restore a new DB instance from the encrypted snapshot.