Question 29: You are working with an application which needs to store data on EBS volume as well as all the encryption and decryption of the data can be in-built. Any encryption keys you are using for the data should be highly protected. Which of the following AWS solution will be ideal for given requirement?

1. You will be using AWS Security Manager
2. You will be installing SSL/TLS certificate on EC2 instance.
3. Correct Answer
4. You will be using AWS CloudTrail solution

Correct Answer : C

Detailed Explanation

: In the given question we wanted that all the data read and write on EBS volume should be encrypted. And better solution for which very well integrated for given requirement is AWS KMS (Key management solution). AWS KMS is a managed solution from A................................. is highly protected because they will never leave KMS, they are protected using Hardware Security Manager (HSM).

And KMS is well integrated with the AWS EC2 and EBS volume. If yo..............................the data you are storing in EBS. Hence, option 3 is correct.

Now lets look for other options

Option 1: AWS security manager provides encryption but this is not an ideal solution for EBS volume encryption. Security Manager is good for encryption credentials like Database connection string, Username and password etc, which you can retrieve dynamically and rather than storing them in the code. It is a good practice to use it, but can not be used for EBS encryption. Even AWS Security Manager uses KMS for encrypting credentials.

Option 2: SSL certificates are good for both c............................