A web app runs on an EC2 Auto Scaling group behind an Application Load Balancer (ALB). The ALB is configured with health checks and the ASG spans three subnets in three Availability Zones. During an AZ outage, monitoring shows the number of healthy instances drops sharply and never returns to the original capacity until the ASG is manually adjusted. What change most directly improves resilience so capacity returns automatically during an AZ failure?

Reduce the ASG desired capacity by 1 and rely on the ALB to route traffic to fewer instances during the outage.

Reducing desired capacity makes the ASG intentionally maintain less capacity. It does not address why instances are not being replaced, so capacity may not recover automatically to the original level after the outage.

Move the ALB to only one subnet so health checks and routing remain consistent during the outage.

An ALB can only route traffic through the load balancer nodes placed in the selected subnets/AZs. If the single selected subnet/AZ is affected, the ALB can become unavailable even if the ASG launches healthy instances elsewhere.

Add an S3 event trigger to terminate unhealthy instances so the ASG can scale back out using its scheduled actions.

S3 events do not correlate with ALB target health or Availability Zone failures for EC2 instances. Scheduled scaling actions may also not run immediately in response to health deterioration, so this approach will not directly fix the recovery mechanism.

What does this SAA-C03 question test?

CIDR notation defines the prefix length.

What is the correct answer to this question?

The correct answer is: Configure the ASG to use the ALB target-group health checks (ELB/target-group health) and ensure the ASG has at least two subnets in different Availability Zones that remain available for instance placement. — During an Availability Zone outage, the goal is for the Auto Scaling group to replace targets that are unhealthy from the ALB (application) perspective and to launch replacements in remaining Availability Zones. Configuring the ASG to use ALB target-group health checks ensures that targets that cannot be reached (even if the EC2 instances are still running) are marked unhealthy and replaced. With multiple AZ-subnets eligible for placement, the ASG can automatically restore desired capacity without manual intervention. A reduces desired capacity, which prevents automatic restoration of the original capacity level. C reduces load-balancer fault tolerance by placing the ALB in only one subnet/AZ, which can eliminate connectivity during an AZ failure. D introduces an unrelated termination mechanism; it does not correctly detect ALB target health and is not an immediate or deterministic recovery path for AZ-specific outages.

What should I do if I get this SAA-C03 question wrong?

Then try more questions from the same exam bank and focus on understanding why the wrong options are tempting.