Answer-first summary for fast verification
Answer: Use AWS Config to identify all untagged resources. Tag the identified resources programmatically. Use tags in the backup plan.
## Explanation **Correct Answer: A** **Why Option A is correct:** 1. **AWS Organizations with tagged resources**: The company already uses AWS Organizations and tags resources by account. This provides a structured way to identify resources. 2. **AWS Config for compliance**: AWS Config can be used to identify resources that don't have required tags (untagged resources). 3. **Programmatic tagging**: Once untagged resources are identified, they can be tagged programmatically using AWS Lambda or other automation tools. 4. **Tag-based backup plans**: AWS Backup supports tag-based selection, allowing backup plans to automatically include all resources with specific tags. 5. **Least operational overhead**: This approach automates the entire process - identifying untagged resources, tagging them, and including them in backups - minimizing manual intervention. **Why other options are incorrect:** **Option B**: AWS Config can identify resources that are not running, but this doesn't address the requirement to back up ALL AWS resources. Some resources might be stopped but still need backup, and running resources also need backup. **Option C**: Requiring manual review by account owners creates significant operational overhead and is prone to human error, making it the opposite of "least operational overhead." **Option D**: Amazon Inspector is a security vulnerability assessment service, not designed for identifying resources for backup. It focuses on security compliance, not resource inventory management. **Key AWS Services Involved:** - **AWS Organizations**: For multi-account management - **AWS Config**: For resource inventory and compliance checking - **AWS Backup**: For centralized backup management - **Tags**: For resource categorization and selection This solution provides a scalable, automated approach that leverages existing tagging practices and minimizes manual effort while ensuring comprehensive backup coverage.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
A company uses AWS Organizations with resources tagged by account. The company also uses AWS Backup to back up its AWS infrastructure resources. The company needs to back up all AWS resources.
Which solution will meet these requirements with the LEAST operational overhead?
A
Use AWS Config to identify all untagged resources. Tag the identified resources programmatically. Use tags in the backup plan.
B
Use AWS Config to identify all resources that are not running. Add those resources to the backup vault.
C
Require all AWS account owners to review their resources to identify the resources that need to be backed up.
D
Use Amazon Inspector to identify all noncompliant resources.