Get All the Questions Covering Entire Syllabus from here  (2018-2019) : This material is owned by HadoopExam.com . Please dont copy its bad Karma


Question 8: You have been working with an IT healthcare company which manages the patient data. All the instances you launched on which your application exists support the encrypted EBS volumes. However, your initial developer does not take care of enabling the encryption. Hence, all the data kept on that attached EBS volume is not encrypted, and to become HIPAA compliant you have to have all the attached volume and snapshots to be encrypted. How can you make sure all the existing snapshots are encrypted and attached volume is also encrypted?

  1. You will enable the encryption flag to the already attached volume.
  2. You will mark the status of already created snapshot status as encrypted and attach a CMK from KMS.
  3. You will copy unencrypted snapshots to a new snapshots which will be encrypted.
  4. You will attach a new volume to the instance with encryption enabled, and then copy data from unencrypted volume to encrypted volume.

Correct Answer : C, D

Detailed Explaination: There is no direct way by which you can encrypt existing unencrypted volume and vice versa.

  1. You have to migrate data for doing that.
  2. Or you can apply new encryption status while copying a snapshot.
  3. There are important points regarding this
    1. While copying an unencrypted snapshot of an unencrypted volume, you can encrypt the copy. Hence, volumes restored using this are also encrypted.
    2. While copying an encrypted snapshot of encrypted volume, you can associate the copy with a different CMK. Hence, volume restored from this can only be accessible using new CMK.
  4. There are important points regarding this
    1. While copying an unencrypted snapshot of an unencrypted volume, you can encrypt the copy. Hence, volumes restored using this are also encrypted.
    2. While copying an encrypted snapshot of encrypted volume, you can associate the copy with a different CMK. Hence, volume restored from this can only be accessible using new CMK.
  5. We cannot remove encryption from an encrypted snapshot.
  6. Migrate data between encrypted and unencrypted volumes
    1. Create a destination volume (either encrypted or decrypted)
    2. Attach the destination volume to the instance which has the data.
    3. You need to follow some steps to make destination volume available.
    4. Once destination volume is available you can copy data from instance to destination volume.
    5. In above steps data will be copied and you can change the encryption state while copying the data.
  7. If your EC2 instance has attached volume which is un-encrypted. And you want to encrypt it then follow the below steps.
    1. Create a snapshot of un-encrypted data.
    2. Copy this snapshot and while copy you can change the encryption state. Hence, new snapshot will be encrypted.
  8. Now restore this snapshot as volume to instance, and this volume is encrypted.

All AWS Certification Products, Training, Books and PDF you must use are below


 AWS Developer Certification : Associate Level     AWS Sysops Administrator Certification : Assciate Level      AWS Solution Architect Certification : Associate Level     AWS Soltion Architect : Professional Level    AWS Certified Security Specialty (SCS-C01)     AWS Professional certification Exam        AWS Package Deal      Book : AWS Solution Architect Associate : Little Guide     AWS Security Specialization Certification: Little Guide SCS-C01     AWS Solution Architect : Training Associate