🔥 3-day streak
AWS Certified Security - Specialty55 / 184
Question 55 of 184

A security engineer discovers that several EC2 instances in a production account were launched with unencrypted EBS root and data volumes before an encryption policy was enforced. The engineer has already enabled EBS encryption by default at the account and Region level to protect future volumes. What is the correct approach to bring the EXISTING unencrypted volumes into compliance with the encryption-at-rest requirement while minimizing data loss?

Reviewed for accuracy · Report an issueNext question