Which service is best when you want to continuously record the change history of AWS resource configurations and automatically evaluate whether they comply with rules you define (compliance)?

1 / 1
Select an answer
CorrectA

Explanation

Question Overview

Choosing the service that records resource configuration and evaluates compliance.

Requirements to satisfy
  • 1change history of AWS resource configurationsThe configuration state of resources is the target = Config
  • 2comply with rules you defineCompliance evaluation against defined rules
  • 3automatically evaluateContinuously check compliance status
Per-option explanation
ACorrect

AWS Config

Correct. AWS Config continuously records configuration changes to AWS resources and automatically evaluates whether they comply with rules you define (for example, whether encryption is enabled or whether something is publicly exposed). It is useful for configuration drift detection and compliance auditing.

BIncorrect

AWS CloudTrail

CloudTrail is a service that records the history of API operations.

Continuously evaluating whether resource configurations comply with rules is the role of Config, so it is incorrect.

CIncorrect

Amazon CloudFront

CloudFront is a CDN service that delivers content.

It does not record or evaluate the change history of resource configurations, so it is incorrect.

DIncorrect

Amazon Macie

Macie automatically scans for, detects, and classifies sensitive data (such as personal information) in S3.

It does not evaluate the compliance of resource configurations, so it is incorrect.

Key Takeaway

'Recording resource configuration' and 'evaluating compliance with rules' point to AWS Config. 'Recording API operations' is CloudTrail. Config = configuration (state) / CloudTrail = operations (actions) is a frequent contrast.

Related Links