Q24 — AWS DOP-C02 Ch.1

Question 24 of 100 | ← Chapter 1

A DevOps team manages the company’s AWS accounts. The company wants to ensure automatic restoration of specific AWS resource configurations when changes occur.

Correct Answer: A. Use AWS Config rules to detect configuration changes. Configure a remediation action using an AWS Systems Manager Automation document to restore the configuration change.

Explanation

AWS Config continuously monitors and records resource configurations. When paired with a custom AWS Config rule and a Systems Manager Automation document as a remediation action, it enables fully automated, near real-time detection and restoration of noncompliant configurations — satisfying the requirement for automatic recovery. Option A integrates auditing (Config) and enforcement (Systems Manager) in a closed loop. Options B and D rely on manual intervention, violating 'automatic.' Option C uses CloudFormation for deployment but lacks continuous monitoring and reactive remediation — it requires manual stack updates and does not auto-detect drift.