Q24 — AWS DOP-C02 Ch.1
A DevOps team manages the company’s AWS accounts. The company wants to ensure automatic restoration of specific AWS resource configurations when changes occur.
- A. Use AWS Config rules to detect configuration changes. Configure a remediation action using an AWS Systems Manager Automation document to restore the configuration change. ✓
- B. Use Amazon CloudWatch alarms to monitor resource metrics. When an alarm activates, use an Amazon Simple Notification Service (Amazon SNS) topic to notify administrators to manually restore the configuration change.
- C. Use AWS CloudFormation to create a stack that deploys the required configuration. Update the stack when configuration changes need to be restored.
- D. Use AWS Trusted Advisor to check for noncompliant configurations. Manually apply necessary changes based on Trusted Advisor recommendations.
Correct Answer: A. Use AWS Config rules to detect configuration changes. Configure a remediation action using an AWS Systems Manager Automation document to restore the configuration change.
Explanation
AWS Config continuously monitors and records resource configurations. When a custom AWS Config rule is paired with a Systems Manager Automation document as its remediation action, noncompliant configurations are detected and remediated automatically in near real time, which satisfies the requirement for automatic recovery. Option A integrates auditing (Config) and enforcement (Systems Manager) in a closed loop. Options B and D rely on manual intervention, so they do not meet the "automatic" requirement. Option C uses CloudFormation for deployment but lacks continuous monitoring and reactive remediation: it requires manual stack updates and does not auto-detect drift.