A company wants to improve operational excellence by automatically remediating non-compliant AWS resources. For example, if an S3 bucket is created without public access block enabled, it should be automatically corrected. Which solution achieves this?

Answer options:

Use AWS CloudTrail to trigger an AWS Lambda function that deletes the bucket.

Use AWS Config rules to detect non-compliance and trigger AWS Systems Manager Automation documents for remediation.

Use Amazon GuardDuty to detect the misconfiguration and block access via WAF.

Use AWS Trusted Advisor to automatically apply the correct settings.

How to approach this question

Identify the service for configuration tracking (Config) and the service for automated operational tasks (Systems Manager).

Full Answer

B.Use AWS Config rules to detect non-compliance and trigger AWS Systems Manager Automation documents for remediation.✓ Correct

AWS Config continuously monitors resource configurations. When a resource violates a rule, Config can trigger an SSM Automation document to automatically fix the issue.

Common mistakes

Choosing CloudTrail + Lambda, which requires custom coding and maintenance.

Question 10 All questions Question 12

Practice the full AWS Solutions Architect Professional SAP-C02 Practice Exam 1

75 questions · hints · full answers · grading

More questions from this exam

Q01An enterprise has 50 VPCs across two AWS Regions. They need to establish transitive routing betwe...Hard Q02A company uses AWS Organizations. The security team wants to ensure that no IAM user or role can ...Medium Q03An application requires a relational database with an RPO of 1 second and an RTO of less than 1 m...Hard Q04A company is setting up a new multi-account environment. They want to automate the provisioning o...Medium Q05An organization wants to allocate AWS costs to specific business units. They use AWS Organization...Hard

View all 75 questions →