Your company has an existing Redshift cluster. The sales team currently stores historical data in the cluster. There is now a requirement to ensure that all data is encrypted at rest. What do you need to do on your end (as of October 2018)?

Answer options:

A.Enable the encryption feature for the cluster.
B.Enable encryption for the underlying EBS volumes.
C.Use SSL certificates to encrypt the data at rest.
D.Create a new cluster with encryption enabled and then migrate the data over to the new cluster.

Answer – A
The AWS Documentation mentions the following.
In Amazon Redshift, you can enable database encryption for your clusters to help protect data at rest. When you enable encryption for a cluster, the data blocks and system metadata are encrypted for the cluster and its snapshots.
Encryption is an optional, immutable setting of a cluster. If you want encryption, you enable it during the cluster launch process. As of October 2018, you can enable encryption on an un-encrypted cluster. AWS will handle migrating the data over to a new, encrypted cluster behind-the-scenes.
Option A is CORRECT because you can now enable encryption for an existing Redshift cluster. Please refer to the below link-
https://docs.aws.amazon.com/redshift/latest/mgmt/changing-cluster-encryption.html
Option B is invalid since the encryption needs to be enabled at the cluster level.
Option C is invalid since SSL certificates are used for the encryption of data in transit.
Option D is incorrect because you can now enable encryption for an existing Redshift cluster and therefore creating a new Redshift cluster to enable encryption is unnecessary.