AWS Certified Solutions Architect – Associate (SAA-C03) — Question 438

A company is migrating its applications and databases to the AWS Cloud. The company will use Amazon Elastic Container Service (Amazon ECS), AWS Direct Connect, and Amazon RDS.

Which activities will be managed by the company's operational team? (Choose three.)

Answer options

• A. Management of the Amazon RDS infrastructure layer, operating system, and platforms
• B. Creation of an Amazon RDS DB instance and configuring the scheduled maintenance window
• C. Configuration of additional software components on Amazon ECS for monitoring, patch management, log management, and host intrusion detection
• D. Installation of patches for all minor and major database versions for Amazon RDS
• E. Ensure the physical security of the Amazon RDS infrastructure in the data center
• F. Encryption of the data that moves in transit through Direct Connect

Correct answer: B, C, F

Explanation

Under the AWS Shared Responsibility Model, AWS is responsible for 'security of the cloud,' which includes the physical security of data centers, the infrastructure layer of managed services like Amazon RDS, and patching the underlying RDS OS/database engines. The customer is responsible for 'security in the cloud,' which includes provisioning and configuring RDS instances, securing containerized environments like Amazon ECS with additional monitoring or logging software, and ensuring data transmitted over AWS Direct Connect is encrypted.