This certification preparation material would help you in getting the jobs in the AWS Fields

AWS Developer Certification : Associate Level AWS Sysops Administrator Certification : Assciate Level AWS Solution Architect Certification : Associate Level AWS Soltion Architect : Professional Level AWS Certified Security Specialty (SCS-C01) AWS Professional certification Exam AWS Certified Big Data – Specialty (BDS-C00) AWS Certified Machine Learning MLS C01 Certification Prepration Materal AWS Solution Architect : Training Associate AWS Advanced Networking Certifications AWS Exam Prepare : Kinesis Data Stream Book : AWS Solution Architect Associate : Little Guide AWS Security Specialization Certification: Little Guide SCS-C01 AWS Package Deal


While applying to the Job you need to mention referred by : admin@hadoopexam.com | or Website : http://www.HadoopExam.com


 

Question 8: You have been working with an IT healthcare company which manages the patient data. All the instances you launched on which your application exists support the encrypted EBS volumes. However, your initial developer does not take care of enabling the encryption. Hence, all the data kept on that attached EBS volume is not encrypted, and to become HIPAA compliant you have to have all the attached volume and snapshots to be encrypted. How can you make sure all the existing snapshots are encrypted and attached volume is also encrypted?

  1. You will enable the encryption flag to the already attached volume.
  2. You will mark the status of already created snapshot status as encrypted and attach a CMK from KMS.
  3. You will copy unencrypted snapshots to a new snapshots which will be encrypted.
  4. You will attach a new volume to the instance with encryption enabled, and then copy data from unencrypted volume to encrypted volume.

Correct Answer : C, D

Detailed Explaination: There is no direct way by which you can encrypt existing unencrypted volume and vice versa.

  1. You have to migrate data for doing that.
  2. Or you can apply new encryption status while copying a snapshot.
  3. There are important points regarding this
    1. While copying an unencrypted snapshot of an unencrypted volume, you can encrypt the copy. Hence, volumes restored using this are also encrypted.
    2. While copying an encrypted snapshot of encrypted volume, you can associate the copy with a different CMK. Hence, volume restored from this can only be accessible using new CMK.
  4. There are important points regarding this
    1. While copying an unencrypted snapshot of an unencrypted volume, you can encrypt the copy. Hence, volumes restored using this are also encrypted.
    2. While copying an encrypted snapshot of encrypted volume, you can associate the copy with a different CMK. Hence, volume restored from this can only be accessible using new CMK.
  5. We cannot remove encryption from an encrypted snapshot.
  6. Migrate data between encrypted and unencrypted volumes
    1. Create a destination volume (either encrypted or decrypted)
    2. Attach the destination volume to the instance which has the data.
    3. You need to follow some steps to make destination volume available.
    4. Once destination volume is available you can copy data from instance to destination volume.
    5. In above steps data will be copied and you can change the encryption state while copying the data.
  7. If your EC2 instance has attached volume which is un-encrypted. And you want to encrypt it then follow the below steps.
    1. Create a snapshot of un-encrypted data.
    2. Copy this snapshot and while copy you can change the encryption state. Hence, new snapshot will be encrypted.
  8. Now restore this snapshot as volume to instance, and this volume is encrypted.