AWS Certified DevOps Engineer – Professional (DOP-C02) — Question 301
A DevOps team manages a company's AWS account. The company wants to ensure that specific AWS resource configuration changes are automatically reverted.
Which solution will meet this requirement?
Answer options
- A. Use AWS Config rules to detect changes in resource configurations. Configure a remediation action that uses AWS Systems Manager Automation documents to revert the configuration changes.
- B. Use Amazon CloudWatch alarms to monitor resource metrics. When an alarm is activated, use an Amazon Simple Notification Service (Amazon SNS) topic to notify an administrator to manually revert the configuration changes.
- C. Use AWS CloudFormation to create a stack that deploys the necessary configuration changes. Update the stack when configuration changes need to be reverted.
- D. Use AWS Trusted Advisor to check for noncompliant configurations. Manually apply necessary changes based on Trusted Advisor recommendations.
Correct answer: A
Explanation
AWS Config rules can continuously evaluate resource configurations, and assigning an AWS Systems Manager Automation document as a remediation action allows unauthorized changes to be reverted automatically. The other options are incorrect because they rely on manual intervention, such as manual updates or manual remediation based on notifications or recommendations, which fails to meet the requirement for automatic reversion.