Question #1223
Which AWS service provides continuous monitoring and assessment of resource configurations to ensure compliance with internal policies and regulatory standards?
AWS CloudTrail
AWS Config
AWS Trusted Advisor
Amazon Inspector
Explanation
AWS Config is the correct answer because it continuously monitors and records AWS resource configurations, allowing users to assess compliance against internal policies and regulatory standards. It provides a detailed inventory of resources, tracks configuration changes over time, and evaluates configurations against custom or AWS-managed rules (e.g., checking if S3 buckets are encrypted).
Other options:
- A. AWS CloudTrail: Focuses on auditing API activity and user actions, not resource configurations.
- C. AWS Trusted Advisor: Offers recommendations for cost optimization, security, and performance based on AWS best practices, but does not monitor resource configurations continuously.
- D. Amazon Inspector: Performs automated security assessments for vulnerabilities in applications, not configuration compliance monitoring.
Key Points:
- AWS Config = Configuration compliance monitoring.
- CloudTrail = Activity/API logging.
- Trusted Advisor = Best practice recommendations.
- Inspector = Security vulnerability scanning.
Answer
The correct answer is: B