Question #950
Who is responsible for configuring default encryption settings for newly created Amazon Elastic Block Store (Amazon EBS) volumes?
AWS Support
AWS customers
AWS Key Management Service (AWS KMS)
AWS Trusted Advisor
Explanation
The correct answer is B. AWS customers are responsible for configuring default encryption settings for newly created Amazon EBS volumes. AWS provides the option to enable default encryption at the account level, but it is the customer's responsibility to configure this setting. Customers can use AWS KMS keys (either AWS-managed or customer-managed) to enforce encryption by default, ensuring all new EBS volumes are encrypted unless explicitly overridden.
Why other options are incorrect:
- A. AWS Support: AWS Support assists with technical issues but does not configure default settings on behalf of customers.
- C. AWS KMS: While AWS KMS manages encryption keys, it does not configure default encryption settings; it is a tool used by customers to implement encryption.
- D. AWS Trusted Advisor: This service provides cost and security recommendations but does not enforce or configure encryption settings.
Key Takeaway: Under the AWS shared responsibility model, customers control data encryption configurations, including enabling default encryption for EBS volumes.
Answer
The correct answer is: B