A solutions architect needs to ensure that all Amazon Elastic Block Store (Amazon EBS) volumes restored from unencrypted EBC snapshots are encrypted.
What should the solutions architect do to accomplish this?
A. Enable EBS encryption by default for the AWS Region.
B. Enable EBS encryption by default for the specific volumes.
C. Create a new volume and specify the symmetric customer master key (CMK) to use for encryption.
D. Create a new volume and specify the asymmetric customer master key (CMK) to use for encryption.
why not “A”??
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html
Restore an unencrypted volume (encryption by default enabled)
When you have enabled encryption by default, encryption is mandatory for volumes restored from unencrypted snapshots, and no encryption parameters are required for your default KMS key to be used.