Q61 — AWS SCS-C02 Ch.1
Question 61 of 100 | ← Chapter 1
A security engineer wants to evaluate configuration changes to a specific AWS resource to ensure that the resource meets compliance standards.However,the security engineer is concerned about a situation in which several confguration changes are made to the resource in quick succession.The security engineer wants to record onlythe latest configuration of that resource to indicate the cumulative impact of the set of changes. Which solution will meet this requirement in the MOST operationally efficient way?
- A. Use AWS CloudTrail to detect the configuration changesbyfitering APl call to monitor the changes.Use the most recent APl call to indicate the cumulative impact of multiple calls.
- B. Use AWS Config to detect the configuration changes and to record the latest configuration in case of multiple configuration changes. ✓
- C. Use Amazon CloudWatch to detect the configuration changes by filtering API calls to monitor the changes. Use the most recent APl call to indicate the cumulative impact of multiple calls.
- D. Use AWS Cloud Map to detect the configuration changes.Generate a report of configuration changes from AWS Cloud Map to track the latest state by using a sliding time window.
Correct Answer: B. Use AWS Config to detect the configuration changes and to record the latest configuration in case of multiple configuration changes.
Explanation
AWS Config 是专为监控和记录 AWS 资源配置变更设计的服务,可自动捕获资源配置的当前状态与历史变更。当资源在短时间内经历多次配置修改时,AWS Config 能够有效识别这些变更,并仅保留和展示资源的最新配置状态,从而直观反映所有变更的累积效果,满足合规评估需求且操作高效。