Amazon Web Services SAA-C03 Exam With Confidence Using Practice Dumps

Why Option D is Correct:

GPU Access: Only EC2 instances in the GPU family (e.g., P2, P3) can provide GPU resources.

ECS Orchestration: Simplifies container deployment and management.

Why Other Options Are Not Ideal:

Option A: Lambda does not support GPU-based runtimes.

Option B: AWS Fargate does not support GPU-based workloads.

Option C: ECR is a container registry, not an orchestration or execution service.

AWS References:

Amazon ECS with GPU Instances:AWS Documentation - ECS GPU Instances

AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. By creating a Config rule, you can automatically check whether your Amazon EBS volumes are encrypted and flag those that are not, with minimal cost and configuration effort.

AWS Config Rule: AWS Config provides managed rules that you can use to automatically check the compliance of your resources against predefined or custom criteria. In this case, you wouldcreate a rule to evaluate EBS volumes and determine if they are encrypted. If a volume is not encrypted, the rule will flag it, allowing you to take corrective action.

Operational Overhead: This approach significantly reduces operational overhead because once the rule is in place, it continuously monitors your EBS volumes for compliance, and there’s no need for manual checks or custom scripting.

Why Not Other Options?:

Option A (Lambda with API calls and EventBridge): While this can work, it involves writing and maintaining custom code, which increases operational overhead compared to using a managed AWS Config rule.

Option B (API calls on Fargate): Running API calls on Fargate is more complex and costly compared to using AWS Config, which provides a simpler, managed solution.

Option C (IAM policy with Cost Explorer): This option does not directly enforce encryption compliance and involves manual intervention, making it less efficient and more prone to errors.

AWS References:

AWS Config Rules- Overview of AWS Config rules and how they can be used to evaluate resource configurations.

Amazon EBS Encryption- Information on how to manage and enforce encryption for EBS volumes.

The correct answer is A because the company needs to rotate database credentials every 30 days while maximizing security and minimizing development effort. AWS Secrets Manager is the AWS service specifically designed to store, manage, and rotate secrets such as database usernames and passwords. It supports automatic rotation for supported databases, including Amazon Aurora MySQL , which makes it the most secure and operationally efficient solution.

With Secrets Manager, credentials are encrypted at rest, access can be controlled through IAM policies, and applications can retrieve secrets programmatically without embedding them in source code or configuration files. Automatic rotation reduces the risk associated with static credentials and helps meet compliance requirements with minimal manual work. Because rotation is built into the service, the development effort is significantly lower than creating and maintaining custom rotation logic.

Option B can work, but it requires building and operating a custom Lambda rotation function , which adds complexity compared with the native automation available in Secrets Manager. Options C and D are not best practices because storing credentials in environment files or configuration files increases security risk and does not provide a managed secrets lifecycle.

AWS security best practices recommend centralizing sensitive credentials in AWS Secrets Manager and enabling automatic rotation whenever possible. This improves security posture, reduces operational overhead, and aligns directly with compliance requirements for regular credential changes. Therefore, storing Aurora MySQL credentials in Secrets Manager with 30-day automatic rotation is the best solution.