AWS Certified Solutions Architect - Professional Exam: Encrypted EBS Volumes

Which Data Types Are Encrypted When Creating an Encrypted EBS Volume?


Question

When a user creates an encrypted EBS volume and attaches it to a supported instance type, which of the following data types are encrypted?

Answers

Explanations


A. B. C. D.

Answer - A, C, and D.

Amazon EBS encryption offers a simple encryption solution for your EBS volumes without the need to build, maintain, and secure your own key management infrastructure.

When you create an encrypted EBS volume and attach it to a supported instance type, the following types of data are encrypted:

(i) Data at rest inside the volume.

(ii) All data moving between the volume and the instance.

(iii) All snapshots created from the volume.

(iv) All volumes created from those snapshots.

Based on this, options A, C, and D are all CORRECT.

Option B is incorrect since the data that is copied to S3 is not encrypted.

For more information on this, please visit the link below.

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html
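The inheritance described in items (iii) and (iv) can be checked against an account inventory. The following is an added example, not part of the original page: it lists every unencrypted volume and snapshot and flags any child resource that is unencrypted while its parent is encrypted. The field names follow the `Volumes` and `Snapshots` lists returned by `aws ec2 describe-volumes` and `aws ec2 describe-snapshots`; all IDs and the function name are constructed for illustration.

```python
# Constructed sample data shaped like the "Volumes" and "Snapshots" lists from
# `aws ec2 describe-volumes` / `aws ec2 describe-snapshots`. IDs are made up.
VOLUMES = [
    {"VolumeId": "vol-0aaa", "Encrypted": True, "SnapshotId": ""},
    {"VolumeId": "vol-0bbb", "Encrypted": True, "SnapshotId": "snap-0111"},
    {"VolumeId": "vol-0ccc", "Encrypted": False, "SnapshotId": ""},
    {"VolumeId": "vol-0ddd", "Encrypted": False, "SnapshotId": "snap-0111"},  # breaks (iv)
    {"VolumeId": "vol-0eee", "Encrypted": True, "SnapshotId": "snap-0222"},   # encrypted on restore
]
SNAPSHOTS = [
    {"SnapshotId": "snap-0111", "VolumeId": "vol-0aaa", "Encrypted": True},
    {"SnapshotId": "snap-0222", "VolumeId": "vol-0ccc", "Encrypted": False},
    {"SnapshotId": "snap-0333", "VolumeId": "vol-0aaa", "Encrypted": False},  # breaks (iii)
    {"SnapshotId": "snap-0444", "VolumeId": "vol-0zzz", "Encrypted": True},   # source volume deleted
]


def audit_ebs_encryption(volumes, snapshots):
    """Return (unencrypted, violations).

    unencrypted: IDs of every volume or snapshot with Encrypted == False.
    violations:  (child_id, parent_id) pairs where the parent is encrypted but
                 the child is not, i.e. the inheritance in (iii)/(iv) is broken.
    """
    vol_by_id = {v["VolumeId"]: v for v in volumes}
    snap_by_id = {s["SnapshotId"]: s for s in snapshots}
    unencrypted, violations = [], []

    # (iii) a snapshot of an encrypted volume must itself be encrypted
    for snap in snapshots:
        parent = vol_by_id.get(snap.get("VolumeId"))  # None if the volume is gone
        if not snap["Encrypted"]:
            unencrypted.append(snap["SnapshotId"])
            if parent and parent["Encrypted"]:
                violations.append((snap["SnapshotId"], parent["VolumeId"]))

    # (iv) a volume created from an encrypted snapshot must itself be encrypted
    for vol in volumes:
        parent = snap_by_id.get(vol.get("SnapshotId"))  # None if not from a snapshot
        if not vol["Encrypted"]:
            unencrypted.append(vol["VolumeId"])
            if parent and parent["Encrypted"]:
                violations.append((vol["VolumeId"], parent["SnapshotId"]))

    return sorted(unencrypted), sorted(violations)


if __name__ == "__main__":
    plain, broken = audit_ebs_encryption(VOLUMES, SNAPSHOTS)
    print("unencrypted resources:", plain)
    print("inheritance violations:", broken)
```

A non-empty violations list means the inventory data contradicts items (iii) and (iv) and should be re-collected or investigated; an encrypted volume restored from an unencrypted snapshot is not flagged.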

When a user creates an encrypted EBS volume and attaches it to a supported instance type, the data at rest inside the volume is encrypted. This means that any data written to the volume is encrypted before it is written, and any data read from the volume is decrypted after it is read. Encryption uses AWS-managed keys, which can be managed by the user.

Option A is correct. Data at rest inside the volume is encrypted when the user creates an encrypted EBS volume and attaches it to a supported instance type.

Option B is incorrect. All data copied from the EBS volume to S3 is not encrypted by default, even if the EBS volume is encrypted. The user needs to take additional steps to encrypt the data when copying it to S3.

Option C is incorrect. All data moving between the volume and the instance is not encrypted by default, even if the EBS volume is encrypted. The user needs to take additional steps to encrypt the data moving between the volume and the instance.

Option D is incorrect. All snapshots created from the volume are encrypted if the volume is encrypted. This means that any snapshot created from an encrypted EBS volume will also be encrypted.

In summary, when a user creates an encrypted EBS volume and attaches it to a supported instance type, the data at rest inside the volume is encrypted, and any snapshot created from the volume will also be encrypted.