Your team has completed development of an application. Now, this needs to be deployed to an application on an EC2 Instance. The Application data will be stored on a separate volume which needs to be encrypted at rest. How can you ensure this requirement is met? 

Answer options:

A.Ensure that Encryption is enabled during volume creation time.
B.Ensure to use Throughput Optimized HDD to allow for Encryption.
C.Create a Customer master key in the KMS service.
D.Create an EBS Encryption Key.

Answer – A
The AWS Documentation mentions the following.
Amazon EBS encryption uses AWS Key Management Service (AWS KMS) customer master keys (CMKs) when creating encrypted volumes and any snapshots created from them. A unique AWS-managed CMK is created for you automatically in each region where you store AWS assets. This key is used for Amazon EBS encryption.
Option B is incorrect since Encryption is possible on all EBS volume types.
Option C is incorrect because encryption of an EBS volume can be done without generating a CMK in the console.
Option D is incorrect since you need to create the Encryption Key in the KMS service.
For more information on EBS Encryption, please refer to the below Link-
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html