AWS Certified Security - Specialty (#104)

Example.com hosts its internal document repository on Amazon EC2 instances. The application runs on EC2 instances and previously stored the documents on encrypted Amazon EBS volumes. To optimize the application for scale, example.com has moved the files to Amazon S3. The security team has mandated that all the files are securely deleted from the EBS volume, and it must certify that the data is unreadable before releasing the underlying disks. Which of the following methods will ensure that the data is unreadable by anyone else?

Change the volume encryption on the EBS volume to use a different encryption mechanism. Then, release the EBS volumes back to AWS.
Release the volumes back to AWS. AWS immediately wipes the disk after it is deprovisioned.
Delete the encryption key used to encrypt the EBS volume. Then, release the EBS volumes back to AWS.
Delete the data by using the operating system delete commands. Run Quick Format on the drive and then release the EBS volumes back to AWS.