A company has deployed web servers on Amazon EC2 instances with Amazon Linux in the us-east-1 Region. The EC2 instances are backed by Amazon Elastic Block Store (Amazon EBS). A developer wants o ensure that all of these instances will provide encryption at rest by using an AWS Key Management Service (AWS KMS) key.
How can the developer enable encryption at rest on existing and new instances by using an AWS KMS ey?
A. Use AWS Certificate Manager (ACM) to generate a TLS certificate. Store the private key in AWS KMS. Use AWS KMS on the instances to enable TLS encryption.
B. Manually enable EBS encryption with AWS KMS on running instances. Then enable EBS encryption by default for new instances.
C. Enable EBS encryption by default. Create snapshots from the running instances. Replace running instances with new instances from snapshots.
D. Export the AWS KMS key to the application. Encrypt all application data by using the exported key. Enable EBS encryption by default to encrypt all other data.
How can the developer enable encryption at rest on existing and new instances by using an AWS KMS ey?
A. Use AWS Certificate Manager (ACM) to generate a TLS certificate. Store the private key in AWS KMS. Use AWS KMS on the instances to enable TLS encryption.
B. Manually enable EBS encryption with AWS KMS on running instances. Then enable EBS encryption by default for new instances.
C. Enable EBS encryption by default. Create snapshots from the running instances. Replace running instances with new instances from snapshots.
D. Export the AWS KMS key to the application. Encrypt all application data by using the exported key. Enable EBS encryption by default to encrypt all other data.