Skip to Content

DVA-C02: How to Expand an Application to Multiple AWS Regions with Encrypted AMIs

Learn how to copy and encrypt Amazon Machine Images (AMIs) across different AWS Regions when expanding an application to run in multiple locations. Discover the best practices and steps for this process.

Question

A developer wants to expand an application to run in multiple AWS Regions. The developer wants to copy Amazon Machine Images (AMIs) with the latest changes and create a new application stack in the destination Region. According to company requirements, all AMIs must be encrypted in all Regions.

However, not all the AMIs that the company uses are encrypted.

How can the developer expand the application to run in the destination Region while meeting the encryption requirement?

A. Create new AMIs, and specify encryption parameters. Copy the encrypted AMIs to the destination Region. Delete the unencrypted AMIs.

B. Use AWS Key Management Service (AWS KMS) to enable encryption on the unencrypted AMIs. Copy the encrypted AMIs to the destination Region.

C. Use AWS Certificate Manager (ACM) to enable encryption on the unencrypted AMIs. Copy the encrypted AMIs to the destination Region.

D. Copy the unencrypted AMIs to the destination Region. Enable encryption by default in the destination Region.

Answer

A. Create new AMIs, and specify encryption parameters. Copy the encrypted AMIs to the destination Region. Delete the unencrypted AMIs.

Explanation

The correct answer is A. Create new AMIs, and specify encryption parameters. Copy the encrypted AMIs to the destination Region. Delete the unencrypted AMIs.

This solution will meet the encryption requirement because it will ensure that all AMIs are encrypted in all Regions. The developer can use the AWS Management Console, AWS Command Line Interface (AWS CLI), or AWS SDKs to create new AMIs from the existing unencrypted AMIs and specify encryption parameters. The developer can use AWS Key Management Service (AWS KMS) to generate or use a customer master key (CMK) for encryption. The developer can then copy the encrypted AMIs to the destination Region and delete the unencrypted AMIs.

The other options are not optimal or feasible for the following reasons:

B. Using AWS Key Management Service (AWS KMS) to enable encryption on the unencrypted AMIs will not work, as AWS KMS does not provide a direct way to encrypt existing AMIs. The developer will have to create new encrypted volumes from the unencrypted volumes and then create new encrypted AMIs from the encrypted volumes.

C. Using AWS Certificate Manager (ACM) to enable encryption on the unencrypted AMIs will not work, as ACM is a service that provides and manages public SSL/TLS certificates for web applications. ACM does not provide encryption for AMIs or volumes.

D. Copying the unencrypted AMIs to the destination Region and enabling encryption by default in the destination Region will not work, as encryption by default only applies to new volumes created from encrypted snapshots or new snapshots created from encrypted volumes. It does not apply to existing unencrypted volumes or snapshots.

The latest AWS Certified Developer – Associate DVA-C02 certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the AWS Certified Developer – Associate DVA-C02 exam and earn AWS Certified Developer – Associate DVA-C02 certification.

AWS Certified Developer - Associate DVA-C02 Exam Questions and Answers

Alex Lim is a certified IT Technical Support Architect with over 15 years of experience in designing, implementing, and troubleshooting complex IT systems and networks. He has worked for leading IT companies, such as Microsoft, IBM, and Cisco, providing technical support and solutions to clients across various industries and sectors. Alex has a bachelor’s degree in computer science from the National University of Singapore and a master’s degree in information security from the Massachusetts Institute of Technology. He is also the author of several best-selling books on IT technical support, such as The IT Technical Support Handbook and Troubleshooting IT Systems and Networks. Alex lives in Bandar, Johore, Malaysia with his wife and two chilrdren. You can reach him at [email protected] or follow him on Website | Twitter | Facebook

    Ads Blocker Image Powered by Code Help Pro

    Your Support Matters...

    We run an independent site that is committed to delivering valuable content, but it comes with its challenges. Many of our readers use ad blockers, causing our advertising revenue to decline. Unlike some websites, we have not implemented paywalls to restrict access. Your support can make a significant difference. If you find this website useful and choose to support us, it would greatly secure our future. We appreciate your help. If you are currently using an ad blocker, please consider disabling it for our site. Thank you for your understanding and support.