Protecting Sensitive Information on EBS Volumes | DOP-C01 Exam Answers

Protecting Sensitive Information on EBS Volumes


Question

Your application stores sensitive information on an EBS volume attached to your EC2 instance.

How can you protect your information? Choose two answers from the options given below.

Answers

A. B. C. D.

Explanations

Answer - C and D.

These steps are given in the AWS documentation.

To migrate data between encrypted and unencrypted volumes.

1) Create your destination volume (encrypted or unencrypted, depending on your need).

2) Attach the destination volume to the instance that hosts the data to migrate.

3) Make the destination volume available by following the procedures in Making an Amazon EBS Volume Available for Use.

For Linux instances, you can create a mount point at /mnt/destination and mount the destination volume there.

4) Copy the data from your source directory to the destination volume.

It may be most convenient to use a bulk-copy utility for this.

To encrypt a volume's data by means of snapshot copying.

1) Create a snapshot of your unencrypted EBS volume.

This snapshot is also unencrypted.

2) Copy the snapshot while applying encryption parameters.

The resulting target snapshot is encrypted.

3) Restore the encrypted snapshot to a new volume, which is also encrypted.

For more information on EBS encryption, refer to the AWS documentation:

http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html
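The two AWS procedures above, driven end to end with the AWS CLI, as an added example that is not part of the exam page or of AWS's own documentation. It assumes a configured `aws` CLI with EC2 permissions and permission to use the KMS key; the region, source volume ID, instance ID, KMS key ID or alias, and device name are supplied by the caller as environment variables (no real identifiers are hard-coded). The `copy` path is the snapshot-copy procedure, the `migrate` path is the new-volume procedure; both read the volume's `Encrypted` flag back from the API to confirm the result rather than trusting that the flag was set.

```shell
#!/bin/sh
# Added example, not code from the exam page or from AWS. Drives the two
# procedures above with the AWS CLI. Assumes: `aws` is installed and has EC2
# permissions plus access to the KMS key; REGION, SRC_VOLUME, INSTANCE, KMS_KEY
# and DEVICE are supplied by the caller (placeholders, nothing hard-coded).
set -eu

# Pure helper: interpret the text output of
# `describe-volumes --query 'Volumes[0].Encrypted'`. 0 only if encrypted.
is_encrypted_flag() {
  case "${1:-}" in
    True|true) return 0 ;;
    *)         return 1 ;;
  esac
}

# Read the flag back from the API and fail loudly if the volume is plaintext.
assert_volume_encrypted() {
  flag=$(aws ec2 describe-volumes --region "$REGION" --volume-ids "$1" \
           --query 'Volumes[0].Encrypted' --output text)
  is_encrypted_flag "$flag" || {
    echo "volume $1 is NOT encrypted (Encrypted=$flag)" >&2; return 1; }
}

volume_az() {
  aws ec2 describe-volumes --region "$REGION" --volume-ids "$1" \
      --query 'Volumes[0].AvailabilityZone' --output text
}

# Snapshot-copy procedure: snapshot the unencrypted volume, copy the snapshot
# with encryption applied, restore an encrypted volume. Prints the new volume ID.
encrypt_via_snapshot_copy() {
  : "${REGION:?}" "${SRC_VOLUME:?}" "${KMS_KEY:?}"
  # Quiesce the filesystem on the instance first (unmount, or `fsfreeze -f`)
  # so the snapshot is consistent; the API does not do that for you.
  src_snap=$(aws ec2 create-snapshot --region "$REGION" --volume-id "$SRC_VOLUME" \
               --description "unencrypted source for re-encryption" \
               --query SnapshotId --output text)
  aws ec2 wait snapshot-completed --region "$REGION" --snapshot-ids "$src_snap"
  # Encryption is applied on the copy; the source snapshot stays unencrypted.
  enc_snap=$(aws ec2 copy-snapshot --region "$REGION" --source-region "$REGION" \
               --source-snapshot-id "$src_snap" --encrypted --kms-key-id "$KMS_KEY" \
               --description "encrypted copy of $src_snap" \
               --query SnapshotId --output text)
  aws ec2 wait snapshot-completed --region "$REGION" --snapshot-ids "$enc_snap"
  new_vol=$(aws ec2 create-volume --region "$REGION" \
              --availability-zone "$(volume_az "$SRC_VOLUME")" \
              --snapshot-id "$enc_snap" --query VolumeId --output text)
  aws ec2 wait volume-available --region "$REGION" --volume-ids "$new_vol"
  assert_volume_encrypted "$new_vol"
  # The unencrypted snapshot is plaintext at rest too: remove it once verified.
  aws ec2 delete-snapshot --region "$REGION" --snapshot-id "$src_snap"
  echo "$new_vol"
}

# New-volume procedure: create an empty encrypted volume of the same size,
# attach it, then copy the files on the instance and retire the old volume.
migrate_to_new_encrypted_volume() {
  : "${REGION:?}" "${SRC_VOLUME:?}" "${INSTANCE:?}" "${KMS_KEY:?}" "${DEVICE:?}"
  size=$(aws ec2 describe-volumes --region "$REGION" --volume-ids "$SRC_VOLUME" \
           --query 'Volumes[0].Size' --output text)
  new_vol=$(aws ec2 create-volume --region "$REGION" \
              --availability-zone "$(volume_az "$SRC_VOLUME")" --size "$size" \
              --volume-type gp3 --encrypted --kms-key-id "$KMS_KEY" \
              --query VolumeId --output text)
  aws ec2 wait volume-available --region "$REGION" --volume-ids "$new_vol"
  assert_volume_encrypted "$new_vol"
  aws ec2 attach-volume --region "$REGION" --volume-id "$new_vol" \
      --instance-id "$INSTANCE" --device "$DEVICE" >/dev/null
  aws ec2 wait volume-in-use --region "$REGION" --volume-ids "$new_vol"
  cat <<EOF
Attached $new_vol to $INSTANCE as $DEVICE. On the instance the OS may expose it
as /dev/xvdf or /dev/nvme1n1 rather than $DEVICE; as root, run:
  mkfs -t xfs <os device>
  mkdir -p /mnt/destination && mount <os device> /mnt/destination
  rsync -aHAX --numeric-ids /mnt/source/ /mnt/destination/
Repoint the application, unmount /mnt/source, then retire the plaintext volume:
  aws ec2 detach-volume --region $REGION --volume-id $SRC_VOLUME
  aws ec2 wait volume-available --region $REGION --volume-ids $SRC_VOLUME
  aws ec2 delete-volume --region $REGION --volume-id $SRC_VOLUME
EOF
}

# Usage: REGION=.. SRC_VOLUME=.. KMS_KEY=.. sh ebs-encrypt.sh copy
#        REGION=.. SRC_VOLUME=.. INSTANCE=.. KMS_KEY=.. DEVICE=/dev/sdf sh ebs-encrypt.sh migrate
case "${1:-}" in
  copy)    encrypt_via_snapshot_copy ;;
  migrate) migrate_to_new_encrypted_volume ;;
esac
```

Both paths leave an unencrypted artifact behind until the last step (the source snapshot in `copy`, the old volume in `migrate`), which is why the script verifies the `Encrypted` flag before deleting anything and deletes the plaintext copy only after that check passes. Enabling EBS encryption by default for the region (`aws ec2 enable-ebs-encryption-by-default`) stops the problem recurring for volumes created later.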

To protect sensitive information that is already stored on an unencrypted EBS volume attached to an EC2 instance, there are two valid solutions, and they are options C and D. Both follow the AWS procedures quoted above; the difference is whether the encrypted copy is produced through a snapshot or by copying the files onto a new encrypted volume.

Option C: Copy the unencrypted snapshot and check the box to encrypt the new snapshot. Volumes restored from this encrypted snapshot will also be encrypted.

Take a snapshot of the unencrypted volume (quiesce or unmount the filesystem first if you need a consistent copy), then copy that snapshot with encryption enabled, selecting either the AWS managed key for EBS or a customer managed KMS key. The copy is encrypted, and every volume created from it is encrypted: data at rest, data moving between the volume and the instance, and all later snapshots of that volume. Create a volume from the encrypted snapshot, attach it in place of the old one, and delete the unencrypted volume and the unencrypted source snapshot once the data has been verified. The original volume does not have to be unmounted for the copy, but the extra snapshot and volume incur storage cost until the originals are deleted.

Option D: Create and mount a new, encrypted Amazon EBS volume. Move the data to the new volume. Delete the old Amazon EBS volume.

Create a new volume with encryption enabled, attach and mount it on the same instance, copy the data across with a bulk-copy utility, switch the application to the new mount point, then detach and delete the unencrypted volume. This is the first procedure quoted above. It needs no snapshot and lets you change the size or volume type at the same time, at the cost of running a second volume while the copy takes place.

The approach of unmounting the volume, taking a snapshot, encrypting that snapshot and re-mounting the volume is not a valid solution. Encryption is fixed when a snapshot or volume is created: an existing unencrypted snapshot cannot be encrypted in place, it can only be copied with encryption applied, which is option C. Even if it could, encrypting a snapshot would do nothing for the data that remains on the still-unencrypted attached volume.

Option B is incorrect since EBS volumes can be encrypted. AWS supports encryption with the AWS managed key or a customer managed KMS key, and encryption can be made the default for all new volumes in a region.

In summary, the two solutions to protect sensitive information on an EBS volume attached to an EC2 instance are:

  • Copy the unencrypted snapshot with encryption enabled and restore an encrypted volume from the encrypted snapshot (option C).
  • Create and mount a new, encrypted Amazon EBS volume. Move the data to the new volume. Delete the old Amazon EBS volume (option D).