AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 100 (Page 1 of 2)

C makes a better sense. Between C (S3) and D (EBS), S3 is highly available with LEAST operational overhead.

Correct Answer is C: EBS is not highly available

EBS is Highly Available as it stores in multi AZ and S3 is regional.

EBS also has Multi-AZ capability, but it does not replicate the data across multiple availability zones by default. When Multi-AZ is enabled, it creates a replica of the EBS volume in a different availability zone and automatically failover to the replica in case of a failure. However, this requires additional configuration and management. In comparison, Amazon S3 automatically replicates data across multiple availability zones without any additional configuration. Therefore, storing the data on Amazon S3 provides a simpler and more efficient solution for high availability.

S3 is also highly available. Within the region, but still. Multi-AZ = HA.

S3: highly available
EBS: lower latency

The language is confusing over here so I'm going by process of elimination
A: Wrong because manual operation and fine grained IAM is overhead
B: What?
D: Between C and D S3 is more HA than EFS so C wins

I would select D.
you can mount a single Amazon Elastic Block Store (EBS) volume to multiple Docker containers running on the same Amazon Elastic Compute Cloud (EC2) instance.
.
you can store data from a container running on Amazon Elastic Compute Cloud (EC2) to an Amazon Simple Storage Service (S3) bucket. One way to do this is to use the aws s3 cp command in the command line of the EC2 instance.

A is OK
secrets manager:
    - is highly available
    - you can store custom secrets in it like certificate
    - automatically encrypts secrets at rest, and can be configured for encryption in transit
    - downloading certificate from it is less operational overhead than decrypting it manually with KMS key

arguments againts it that this is more manual than C and D? this manual step is necessary measure and can't be omitted in other options
C and D have this "store the encrypted data in..." to store encrypted certificate you have to: log in to instance, get kms key, get certificate, encrypt it, and load that data this is more operational overhead

"C" is more correct because S3 is more efficient and cheaper to store data like certificates, like this case. Also Option D involves using Amazon Elastic Block Store (Amazon EBS) volumes, which is not typically used for storing certificates and may introduce unnecessary complexity and operational overhead.

C. when it comes to availability, Amazon S3 is generally more highly available than Amazon EBS because S3 replicates data across multiple AZs by default, providing greater resilience to failures. However, the choice between S3 and EBS depends on your specific use case and whether you need block storage for EC2 instances (EBS) or object storage for storing and retrieving data (S3).

Option C is the best solution that meets all the requirements with the least operational overhead:

Use AWS KMS customer managed key for encryption
Allow EC2 instance role access to use the KMS key
Store encrypted data in Amazon S3