An enterprise is migrating 500 applications to AWS. They want to establish a continuous compliance framework to ensure all deployed resources adhere to corporate security standards (e.g., encrypted EBS volumes, restricted security groups). Which TWO services should be combined to provide automated detection and remediation? (Select TWO)

Answer options:

AWS Config

AWS CloudTrail

AWS Systems Manager Automation

Amazon GuardDuty

AWS Trusted Advisor

AWS Artifact

How to approach this question

Pair the configuration monitoring service (Config) with the operational automation service (Systems Manager).

Full Answer

AWS Config rules evaluate the configuration settings of your AWS resources. When a resource is flagged as non-compliant, Config can trigger an AWS Systems Manager Automation document to automatically remediate the issue (e.g., encrypting an unencrypted volume).

Common mistakes

Choosing GuardDuty for configuration compliance instead of threat detection.

Question 57 All questions Question 59

Practice the full AWS Solutions Architect Professional SAP-C02 Practice Exam 1

75 questions · hints · full answers · grading

More questions from this exam

Q01An enterprise has 50 VPCs across two AWS Regions. They need to establish transitive routing betwe...Hard Q02A company uses AWS Organizations. The security team wants to ensure that no IAM user or role can ...Medium Q03An application requires a relational database with an RPO of 1 second and an RTO of less than 1 m...Hard Q04A company is setting up a new multi-account environment. They want to automate the provisioning o...Medium Q05An organization wants to allocate AWS costs to specific business units. They use AWS Organization...Hard

View all 75 questions →