What should a solutions architect do to ensure the database and snapshots are always encrypted moving forward?

A company is running an online transaction processing (OLTP) workload on AWS This workload uses an unencrypted Amazon RDS DB instance in a Multi-AZ deployment Dairy database snapshots are taken from this instance

What should a solutions architect do to ensure the database and snapshots are always encrypted moving forward?
A . Encrypt a copy of the latest DB snapshot. Replace existing DB instance by restoring the encrypted snapshot
B . Create a new encrypted Amazon Elastic Block Store (Amazon EBS) volume and copy the snapshots to it Enable encryption on the DB instance
C . Copy the snapshots and enable encryption using AWS Key Management Service (AWS KMS) Restore encrypted snapshot to an existing DB instance
D . Copy the snapshots to an Amazon S3 bucket that is encrypted using server-side encryption with AWS Key Management Service (AWS KMS) managed keys (SSE-KMS)

View Answer

Answer: C