AWS Certified Solutions Architect – Associate (SAA-C02) — Question 139
A company is reviewing its AWS Cloud deployment to ensure its data is not accessed by anyone without appropriate authorization. A solutions architect is tasked with identifying all open Amazon S3 buckets and recording any S3 bucket configuration changes.
What should the solutions architect do to accomplish this?
Answer options
- A. Enable AWS Config service with the appropriate rules.
- B. Enable AWS Trusted Advisor with the appropriate checks.
- C. Write a script using an AWS SDK to generate a bucket report.
- D. Enable Amazon S3 server access logging and configure Amazon CloudWatch Events.
Correct answer: A
Explanation
The correct answer is A because AWS Config can monitor and record configuration changes, helping to identify open S3 buckets. Option B, while useful for general best practices, does not specifically track configuration changes. Option C requires manual scripting, which is not as efficient for this task. Option D provides access logging but does not track configuration changes effectively.