Amazon Web Services Updated SAA-C03 Exam Questions and Answers by ayub

Why Option D is Correct:

GPU Access: Only EC2 instances in the GPU family (e.g., P2, P3) can provide GPU resources.

ECS Orchestration: Simplifies container deployment and management.

Why Other Options Are Not Ideal:

Option A: Lambda does not support GPU-based runtimes.

Option B: AWS Fargate does not support GPU-based workloads.

Option C: ECR is a container registry, not an orchestration or execution service.

AWS References:

Amazon ECS with GPU Instances:AWS Documentation - ECS GPU Instances

Amazon Route 53 health checks can automatically perform DNS failover to healthy endpoints. When integrated with an Application Load Balancer, this provides a highly resilient system architecture that automatically routes traffic to healthy resources across Regions or endpoints.

From AWS Documentation:

“Route 53 DNS failover automatically routes traffic away from unhealthy resources and directs it to healthy resources that you specify in DNS records.”

(Source: Amazon Route 53 Developer Guide – DNS Failover)

Why B is correct:

Route 53 health checks automatically monitor endpoint health and switch to a healthy target when the primary endpoint fails.

The failover process is automatic, with no manual updates to DNS records required.

Combined with ALB’s built-in multi-AZ resilience, this provides maximum availability.

Why others are incorrect:

A & C: Require manual DNS updates, which are not automatic and introduce latency.

D: Creating new ALBs during failover increases downtime and is operationally inefficient.

Amazon Aurora Serverless is a fully managed, MySQL-compatible database that automatically scales based on demand and provides high availability. Combining this with EC2 Auto Scaling and an Application Load Balancer achieves both application and database high availability and scalability.

Reference Extract:

" Aurora Serverless automatically starts up, shuts down, and scales capacity based on your application ' s needs, providing a cost-effective, highly available database solution. "

Source: AWS Certified Solutions Architect – Official Study Guide, Aurora Serverless and Scaling section.

The most secure solution for allowing EC2 instances to access an S3 bucket is by usingIAM roles. An IAM role can be created with an access policy that grants the required permissions (e.g., to read and write to the S3 bucket). The IAM role is then associated with the EC2 instances through anIAM instance profile.

By associating the role with the instances, the EC2 instances can securely assume the role and receive temporary credentials via the instance metadata service. This avoids the need to store credentials (such as access keys) on the instances or within the application, enhancing security and reducing the risk of credentials being exposed.

AWS CloudFormation can be used to automate the creation of the entire infrastructure, including EC2 instances, IAM roles, and associated policies.

AWS References:

IAM Roles for EC2 Instancesoutlines the use of IAM roles for secure access to AWS services.

AWS CloudFormation User Guidedetails how to create and manage resources using CloudFormation templates.

Why the other options are incorrect:

A. Save IAM access key in UserData: This is insecure because it involves storing long-term credentials in the instance user data, which can be exposed.

B. Store access keys in S3: This is also insecure, as it involves managing and distributing long-term credentials, which should be avoided.

D. Retrieve access keys via a script: This approach is unnecessarily complex and less secure than using IAM roles, which provide temporary credentials automatically.