AWS Certified Cloud Practitioner (CLF-C02) — Question 609

A company has a compliance requirement to record and evaluate configuration changes, as well as perform remediation actions on AWS resources.

Which AWS service should the company use?

Answer options

• A. AWS Config
• B. AWS Secrets Manager
• C. AWS CloudTrail
• D. AWS Trusted Advisor

Correct answer: A

Explanation

AWS Config is designed specifically to record, evaluate, and audit the configurations of AWS resources, and it supports automated remediation through AWS Systems Manager. AWS CloudTrail tracks user activity and API usage rather than resource configuration state, while AWS Secrets Manager and AWS Trusted Advisor serve different purposes such as secrets management and best-practice recommendations.