Q50 — AWS SOA-C02 Ch.1
An organization created an Amazon Elastic File System (Amazon EFS) volume with a file system ID of fs-85ba41fc, and it is actively used by 10 Amazon EC2 hosts. The organization has become concerned that the file system is not encrypted. How can this be resolved?
- A. Enable encryption on each host's connection to the Amazon EFS volume. Each connection must be recreated for encryption to take effect.
- B. Enable encryption on the existing EFS volume by using the AWS Command Line Interface.
- C. Enable encryption on each host's local drive. Restart each host to encrypt the drive.
- D. Enable encryption on a newly created volume and copy all data from the original volume. Reconnect each host to the new volume. ✓
Correct Answer: D. Enable encryption on a newly created volume and copy all data from the original volume. Reconnect each host to the new volume.
Explanation
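Amazon EFS encryption can only be enabled when the file system is created; it cannot be enabled directly on an existing unencrypted file system (the AWS documentation explicitly states that the encryption configuration cannot be modified). Option D describes the correct solution: create a new encrypted file system, copy the data, and then remount. The other options either target the wrong object for encryption (such as local drives or connection configuration) or attempt to modify the encryption state of the existing volume, and none of them matches how EFS encryption is implemented.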