AWS Certified Advanced Networking – Specialty ANS-C00 – Question 131

You have many IAM users with the ability to create EC2 volumes. Most of the data your team works with is sensitive, so you would like to make sure all volumes are encrypted. How might you facilitate this requirement?

A. Create an AWS KMS policy and attach it to all IAM users that can create EC2 volumes.
B. Use AWS Config and create a rule that requires all volumes, upon creation, be encrypted.
C. Use AWS Config to send out reminders to IAM users every time they create an EC2 volume.
D. Set EC2 to notify creators to encrypt their EC2 volumes.

Correct Answer: B

Explanation:
AWS Config is used to evaluate the configuration settings of many AWS resources. When an EC2 volume is created, AWS Config can evaluate the volume against a rule that requires volumes to be encrypted. If the volume is not encrypted, AWS Config flags the volume and the rule as noncompliant.
Reference: http://docs.aws.amazon.com/config/latest/developerguide/evaluate-config.html