RPO/RTO Confusion — AWS Solutions Architect (SAA-C03)

You confused recovery point objective (data loss tolerance) with recovery time objective (downtime tolerance). Different requirements, different architectures.

Recovery speed and data loss are separate constraints

Architecture requirement: meet a specific recovery point and recovery time after a failure event. Competing choices: Multi-AZ failover, pilot light, warm standby, and active-active. Deciding constraint: which target is tighter — RPO or RTO — and what replication or failover mechanism enforces it? Multi-AZ protects availability but does not protect against data deletion or corruption at the application layer. Read both targets before selecting a DR tier; satisfying one without the other is a common wrong answer.

2% of exam questions affected (4 of 200)

The Scenario

A financial application requires RPO of 1 hour and RTO of 15 minutes. You design a Pilot Light strategy with Aurora read replicas in the DR region using asynchronous replication. Pilot Light infrastructure can spin up in 15 minutes (meets RTO). But asynchronous replication to a read replica can lag by several hours during peak loads — if the primary fails during a replication lag spike, you lose more than 1 hour of transactions (violates RPO). The correct answer is Warm Standby with Aurora Global Database, which replicates with typical lag under 1 second and provides a pre-scaled environment for fast failover. You satisfied RTO but forgot to verify RPO independently.

How to Spot It

  • RPO drives your replication strategy: RPO of 0 requires synchronous replication (Multi-AZ RDS, Aurora Multi-AZ). RPO of 1 hour can use asynchronous replication if the lag is bounded under 1 hour (Aurora Global Database typical lag < 1 second). RPO of 24 hours can use daily snapshots.
  • RTO drives your failover infrastructure: RTO of minutes requires Warm Standby or Multi-Site Active-Active with pre-provisioned compute. RTO of hours allows Pilot Light (minimal infrastructure, scaled up on failover). RTO of days allows Backup and Restore from S3/snapshots.
  • When a question gives both RPO and RTO, evaluate each independently against every answer option. An answer that meets RTO but fails RPO is wrong. The exam specifically designs options that satisfy one but not the other.
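An added example (not part of the original page) of evaluating each option against RPO and RTO independently, using the scenario's targets of 1 hour and 15 minutes. The option names, lag samples and failover drill times are constructed for illustration, and `DrOption`, `evaluate` and `qualifying` are hypothetical names.

```python
from dataclasses import dataclass
from statistics import mean

@dataclass
class DrOption:
    name: str
    lag_s: list        # replication lag samples in seconds (constructed)
    failover_s: list   # failover drill durations in seconds (constructed)

def evaluate(opt, rpo_s, rto_s):
    """Check RPO and RTO independently, each against the worst observation."""
    worst_lag, worst_failover = max(opt.lag_s), max(opt.failover_s)
    return {
        "name": opt.name,
        "mean_lag_s": mean(opt.lag_s),
        "worst_lag_s": worst_lag,
        "meets_rpo": worst_lag <= rpo_s,          # data-loss bound
        "meets_rto": worst_failover <= rto_s,     # downtime bound
        "lag_breaches": [s for s in opt.lag_s if s > rpo_s],
    }

def qualifying(options, rpo_s, rto_s):
    """Names of options that satisfy both targets."""
    return [r["name"] for r in (evaluate(o, rpo_s, rto_s) for o in options)
            if r["meets_rpo"] and r["meets_rto"]]

# Targets from the scenario: RPO 1 hour, RTO 15 minutes.
RPO_S, RTO_S = 3600, 900

# Constructed measurements, shaped to match the scenario's description.
OPTIONS = [
    DrOption("pilot-light + async read replica",
             lag_s=[2, 5, 40, 7200, 9000, 30], failover_s=[840, 900]),
    DrOption("warm-standby + Aurora Global Database",
             lag_s=[0.4, 0.6, 0.9, 0.8], failover_s=[300, 420]),
    DrOption("backup-and-restore, daily snapshots",
             lag_s=[86400], failover_s=[172800]),
]

if __name__ == "__main__":
    for o in OPTIONS:
        r = evaluate(o, RPO_S, RTO_S)
        print(f'{r["name"]}: RPO {"ok" if r["meets_rpo"] else "FAIL"}, '
              f'RTO {"ok" if r["meets_rto"] else "FAIL"}, '
              f'mean lag {r["mean_lag_s"]:.0f}s, worst lag {r["worst_lag_s"]}s')
    print("meets both:", qualifying(OPTIONS, RPO_S, RTO_S))
```

In the constructed data the pilot-light option's mean lag is under the 1 hour target while its worst samples are not, which is why the RPO check uses the worst observation rather than the average.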

Decision Rules

Decide whether synchronous replication with automatic standby promotion (RDS Multi-AZ) or asynchronous replication with manual promotion (RDS Read Replica) satisfies a stated RPO under one minute with no manual failover intervention.

Amazon RDS, Amazon Aurora

Domain Coverage

Design Resilient Architectures

Difficulty Breakdown

Medium: 4
