Questions 64 and 65
Explanations for questions 64 and 65
We'll cover the following
Question 64
A security officer has requested that all data associated with a specific customer is encrypted. The data resides on Elastic Block Store (EBS) volumes. Which of the following statements about using EBS encryption are correct? (Select TWO)
- Not all EBS types support encryption.
- All attached EBS volumes must share the same encryption state.
- All instance types support encryption.
- Data in transit between an instance and an encrypted volume is also encrypted.
- There is no direct way to change the encryption state of a volume.
Correct Answer: 4, 5
Explanation: All EBS types and all instance families support encryption, but not all instance types support encryption. There is no direct way to change the encryption state of a volume. Data in transit between an instance and an encrypted volume is also encrypted.
INCORRECT: “Not all EBS types support encryption.” is incorrect as all EBS volume types support encryption.
INCORRECT: “All attached EBS volumes must share the same encryption state.” is incorrect. You can have encrypted and unencrypted EBS volumes on a single instance.
INCORRECT: “All instance types support encryption.” is incorrect. All instance families support encryption, but not all instance types do.
CORRECT: “Data in transit between an instance and an encrypted volume is also encrypted.” is the correct answer.
CORRECT: “There is no direct way to change the encryption state of a volume.” is the correct answer.
References: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html
Level up your interview prep. Join Educative to access 70+ hands-on prep courses.