Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 100 discussion

C makes a better sense. Between C (S3) and D (EBS), S3 is highly available with LEAST operational overhead.

Correct Answer is C: EBS is not highly available

C. Correct, AWS KMS handles encryption with minimal effort and Amazon S3 offers durable and available storage vs D Incorrect. EBS is storage attached to an EC2 instance, which reduces availability compared to S3.

The answer is in LEAST operational overhead

Of the given options, C makes most sense. Reason being the rest of the options do notmake as much sense due to A. Being not specific enough, B. being insufficient to achieve the objective, D, being on EBS, which needs to be attached to a EC2 instance. One thing with the questions is that there is many times, some data that is unclear or there is some ambiguity. I feel these scenarios makes one to assume things and perhaps even train the mind to evaluate ambiguous situations. This is valuable in my opinion.

S3 is highly available compared to EBS and using AWS KMS is more suitable for managing certificates here

Both C and D are correct. C is suitable for this requirement. we've to use S3 because they want to save the data with H.A

C is the most efficient.

AWS KMS: Provides a managed service for secure key storage and encryption/decryption operations. This eliminates the need to manage encryption/decryption logic within the application itself. Customer Managed Key: The company maintains control over the key, ensuring security. EC2 Role Permissions: Granting permissions to the EC2 role allows the application to use KMS for encryption/decryption without managing individual credentials. Amazon S3: Offers highly available and scalable storage for the encrypted certificates. S3 is generally cheaper than EBS for data that is not frequently accessed.

C for sure

S3: highly available EBS: lower latency

"Amazon S3 is an object storage service that can store large volumes of unstructured data, whereas Amazon EBS is a block storage service that is ideally suited for durable, low-latency data storage associated with EC2 instances." https://www.tutorialspoint.com/difference-between-amazon-s3-and-amazon-ebs#:~:text=In%20conclusion%2C%20Amazon%20S3%20is,storage%20associated%20with%20EC2%20instances. Seems like D to me. S3 is for large data, EBS is ec2 specific.

The language is confusing over here so I'm going by process of elimination A: Wrong because manual operation and fine grained IAM is overhead B: What? D: Between C and D S3 is more HA than EFS so C wins

I would select D. you can mount a single Amazon Elastic Block Store (EBS) volume to multiple Docker containers running on the same Amazon Elastic Compute Cloud (EC2) instance. . you can store data from a container running on Amazon Elastic Compute Cloud (EC2) to an Amazon Simple Storage Service (S3) bucket. One way to do this is to use the aws s3 cp command in the command line of the EC2 instance.

A - does not mention storing the encrypted data at all (though that is a requirement), also involves manual action which is surely NOT "least operational effort" B - Doesn't make any sense C - Yes, S3 meets the requirements and is easy to access from containerized app D - EBS volumes are mounted to the container host, but data is created on containers

A is OK secrets manager: - is highly available - you can store custom secrets in it like certificate - automatically encrypts secrets at rest, and can be configured for encryption in transit - downloading certificate from it is less operational overhead than decrypting it manually with KMS key arguments againts it that this is more manual than C and D? this manual step is necessary measure and can't be omitted in other options C and D have this "store the encrypted data in..." to store encrypted certificate you have to: log in to instance, get kms key, get certificate, encrypt it, and load that data this is more operational overhead

"C" is more correct because S3 is more efficient and cheaper to store data like certificates, like this case. Also Option D involves using Amazon Elastic Block Store (Amazon EBS) volumes, which is not typically used for storing certificates and may introduce unnecessary complexity and operational overhead.