Auditors for a health care company have mandated that all data volumes be encrypted at rest. Infrastructure is deployed mainly via AWS CloudFormation; however, third-party frameworks and manual deployment are required on some legacy systems. What is the BEST way to monitor, on a recurring basis, whether all EBS volumes are encrypted?
A) On a recurring basis, update all IAM user policies to require that EC2 instances are created with an encrypted volume.
B) Configure an AWS Config rule to run on a recurring basis for volume encryption.
C) Set up Amazon Inspector rules for volume encryption to run on a recurring schedule.
D) Use CloudWatch Logs to determine whether instances were created with an encrypted volume.
Correct Answer:
Verified
Q262: A Security Engineer is troubleshooting a connectivity
Q263: A company is developing a mobile shopping
Q264: A security team is implementing a centralized
Q265: A company is developing an ecommerce application.
Q266: A company uses AWS CodePipeline for its
Q268: A Security Engineer has several thousand Amazon
Q269: An application has been written that publishes
Q270: A security engineer needs to build a
Q271: An organization has a multi-petabyte workload that
Q272: A public subnet contains two Amazon EC2
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents