Your company has a set of EBS volumes defined in AWS. The security mandate is that all EBS volumes are encrypted.

Your company has a set of EBS volumes defined in AWS. The security mandate is that all EBS volumes are encrypted.

What can be done to notify the IT admin staff if there are any unencrypted volumes in the account.
A . Use AWS Inspector to inspect all the EBS volumes
B . Use AWS Config to check for unencrypted EBS volumes
C . Use AWS Guard duty to check for the unencrypted EBS volumes
D . Use AWS Lambda to check for the unencrypted EBS volumes

View Answer

Answer: B

Explanation:

The enc

config rule for AWS Config can be used to check for unencrypted volumes. encrypted-volurrn 5 volumes that are in an attached state are encrypted. If you specify the ID of a KMS key for encryptio using the kmsld parameter, the rule checks if the EBS volumes in an attached state are encrypted with that KMS key*1.

Options A and C are incorrect since these services cannot be used to check for unencrypted EBS volumes

Option D is incorrect because even though this is possible, trying to implement the solution

alone with just the Lambda servk

would be too difficult

For more information on AWS Config and encrypted volumes, please refer to below URL:

• https://docs.aws.amazon.com/config/latest/developerguide/encrypted-volumes.html

Submit your Feedback/Queries to our Experts