Now you can directly encrypt a root volume while launching an EC2 instance. By default its un-encrypted but there is a check box to opt for encrypting root volume.
This is a recent change in the last 2 months. Here is the announcement.
yeah i just noticed it! i thought i was wrong then noticed nah it is a new change to have encryption on the root volume. i hope the exam has been updated for that and it would not ask us to add new volume to add encryption.