Logo
AWS Certified Cloud Practitioner / Question #874 of 719

Question #874

Which AWS service enables users to track changes to resource configurations and assess compliance with policies over time?

A

AWS CloudTrail
B

Amazon Inspector
C

AWS WAF
D

AWS Config

Explanation

AWS Config (D) is designed to monitor and record resource configurations, allowing users to track changes and evaluate compliance against predefined rules. It provides a detailed history of configuration changes and generates compliance reports, which is critical for auditing and governance.

Why other options are incorrect:
- A. AWS CloudTrail: Focuses on logging API calls and user activity for auditing, not resource configurations or compliance.
- B. Amazon Inspector: Performs automated security assessments for vulnerabilities, unrelated to configuration tracking.
- C. AWS WAF: A web application firewall that protects against web exploits, not configuration management.

Key Points:
- AWS Config = Configuration tracking + Compliance assessment.
- CloudTrail = API/User activity auditing.
- Inspector = Security vulnerability scanning.
- WAF = Web traffic filtering.

Answer

The correct answer is: D