AWS Certified Solutions Architect – Associate (SAA-C03) — Question 509

A company uses AWS Organizations with resources tagged by account. The company also uses AWS Backup to back up its AWS infrastructure resources. The company needs to back up all AWS resources.

Which solution will meet these requirements with the LEAST operational overhead?

Answer options

• A. Use AWS Config to identify all untagged resources. Tag the identified resources programmatically. Use tags in the backup plan.
• B. Use AWS Config to identify all resources that are not running. Add those resources to the backup vault.
• C. Require all AWS account owners to review their resources to identify the resources that need to be backed up.
• D. Use Amazon Inspector to identify all noncompliant resources.

Correct answer: A

Explanation

Using AWS Config to automatically detect and programmatically tag untagged resources allows AWS Backup to dynamically include them in backup plans using tag-based policies, which minimizes manual effort. Option B is incorrect because backing up only non-running resources does not cover all resources. Option C introduces significant manual overhead, while Option D is incorrect because Amazon Inspector is a security assessment service, not a tool for managing backups or tagging untagged resources.