AWS Certified SysOps Administrator SOA-C01 – Question634

A company has adopted a security policy that requires all customer data to be encrypted at rest. Currently, customer data is stored on a central Amazon EFS file system and accessed by a number of different applications from Amazon EC2 instances.
How can the SysOps Administrator ensure that all customer data stored on the EFS file system meets the new requirement?

A.
Update the EFS file system settings to enable server-side encryption using AES-256.
B. Create a new encrypted EFS file system and copy the data from the unencrypted EFS file system to the new encrypted EFS file system.
C. Use AWS CloudHSM to encrypt the files directly before storing them in the EFS file system.
D. Modify the EFS file system mount options to enable Transport Layer Security (TLS) on each of the EC2 instances.

Correct Answer: B