ExpertEasy1 markMultiple Choice
AWS SAP-C02 · Question 74 · Domain 3.2: Security Improvement
A company wants to implement continuous compliance monitoring for their AWS environment. They want to be alerted if any Amazon S3 bucket becomes publicly accessible or if any IAM user has a password older than 90 days. Which AWS service is BEST suited for this?
A company wants to implement continuous compliance monitoring for their AWS environment. They want to be alerted if any Amazon S3 bucket becomes publicly accessible or if any IAM user has a password older than 90 days. Which AWS service is BEST suited for this?
Answer options:
A.
AWS CloudTrail
B.
AWS Config
C.
Amazon Inspector
D.
AWS Trusted Advisor
How to approach this question
Identify the service for configuration compliance.
Full Answer
B.AWS Config✓ Correct
AWS Config
AWS Config enables you to assess, audit, and evaluate the configurations of your AWS resources. You can use AWS Config Rules to check for specific conditions, such as public S3 buckets or old IAM passwords.
Common mistakes
Choosing CloudTrail, which is for auditing *who* did what, not *what state* the resource is currently in.
Practice the full AWS Solutions Architect Professional SAP-C02 Practice Exam 7
75 questions · hints · full answers · grading
More questions from this exam
Q01A global enterprise is designing a multi-region network architecture connecting 50 AWS accounts a...HardQ02A company is migrating its hybrid network to AWS. They have two 10 Gbps AWS Direct Connect connec...HardQ03An enterprise has 100 AWS accounts in AWS Organizations. The security team mandates that all Amaz...MediumQ04A financial company requires that all EBS volumes, S3 buckets, and RDS databases be encrypted usi...EasyQ05An enterprise is designing a disaster recovery strategy for a critical application running on Ama...Hard