Changed SAA-C03 Exam Questions

The most resilient and scalable architecture for handling millions of high-resolution images with frequent updates is to store the binary images in Amazon S3 and store their metadata or reference (geographic code and S3 URL) in Amazon DynamoDB.

From AWS Documentation:

“Store large objects like images in Amazon S3 and use Amazon DynamoDB to store metadata and references. This design pattern is scalable, highly available, and cost-effective.”

(Source: AWS Architecture Blog – Best Practices for Handling Large Objects)

Why B is correct:

Amazon S3 is designed for storing large volumes of binary data (images).

DynamoDB provides low-latency reads/writes using the geographic code as the partition key.

Highly available, serverless, and auto-scaling, suitable for disaster scenarios with bursts of activity.

Reduces pressure on the database layer by separating metadata from image storage.

Why the others are incorrect:

Option A and D: Storing images directly in RDS is expensive, unscalable, and not optimal for binary storage.

Option C: DynamoDB is suitable, but storing actual binary image data in DynamoDB is not best practice due to item size limits (400 KB) and performance concerns.

AWSSecrets Managercan integrate directly with Amazon RDS for automatic and seamless password rotation. Secrets Manager handles the complexity of password management, including generating strong passwords and rotating them at a defined interval (e.g., every 30 days). It also automatically updates the connection information for RDS, minimizing operational overhead.

Option A (Lambda with EventBridge): While possible, this requires custom coding and operational management of Lambda, which introduces additional complexity.

Option B (Manual password change): Using the modify-db-instance command requires manual intervention and is not automated, leading to more operational effort.

Option D (Parameter Store): Systems Manager Parameter Store is less specialized for password management than Secrets Manager and does not have built-in automated rotation for RDS credentials.

AWS References:

AWS Secrets Manager Rotation for RDS

Amazon Aurora MySQL provides:

Continuous, incremental backups to Amazon S3 with point-in-time recovery (PITR), allowing recovery to any point within the retention window (typically up to 35 days). This easily achieves an RPO of less than 5 hours, often down to seconds.

Support for database auditing parameters so audit logs can be retained and managed (for example, in database logs or external log services) to meet the 7-day audit requirement.

Auto scaling (via read replicas, Aurora Serverless v2, or capacity management) to handle variable read/write demand throughout the year with minimal operational overhead.

Why others are less suitable:

A: DynamoDB is NoSQL and does not directly satisfy typical relational database + SQL audit requirements; Streams also only retain 24 hours, not 7 days, and on-demand backups do not inherently give an RPO < 5 hours without frequent scheduling.

B: Amazon Redshift is a data warehouse, not a primary transactional application database.

C: Snapshots every 5 hours give an RPO of up to 5 hours, not less than 5 hours, and rely on discrete snapshot points rather than continuous PITR.

The correct answer isBbecause the application isMicrosoft Windows-based, requiresshared storage, must use theSMB protocol, and needs to beresilient.Amazon FSx for Windows File Serveris the AWS managed file storage service built specifically for Windows workloads. It provides nativeSMB access, integration with Windows environments, and managed shared file storage for multiple application servers.

AMulti-AZ deploymentis the key feature that satisfies the resilience requirement. Multi-AZ FSx for Windows File Server stores data synchronously across Availability Zones and can automatically fail over to a standby file server in another Availability Zone if the primary becomes unavailable. This ensures high availability for shared file access and reduces the risk of application disruption.

Option A is incorrect becauseAmazon S3is object storage and does not natively provide SMB shared file semantics in the way required by Windows applications. Option C is incorrect becauseAmazon EBSvolumes are block storage volumes that are generally attached to a single instance and are not the standard solution for resilient multi-instance shared SMB storage. Option D is incorrect becauseAmazon FSx File Gatewayis used to provide on-premises access to Amazon FSx file systems and is not the primary shared storage service required for this cloud-native application design.

AWS storage guidance recommendsAmazon FSx for Windows File Serverfor Windows applications that need managed file shares over SMB. When resilience is required, aMulti-AZ deploymentis the most appropriate architecture.