AWS Certified Solutions Architect – Associate (SAA-C03) — Question 16

A company needs to review its AWS Cloud deployment to ensure that its Amazon S3 buckets do not have unauthorized configuration changes.
What should a solutions architect do to accomplish this goal?

Answer options

• A. Turn on AWS Config with the appropriate rules.
• B. Turn on AWS Trusted Advisor with the appropriate checks.
• C. Turn on Amazon Inspector with the appropriate assessment template.
• D. Turn on Amazon S3 server access logging. Configure Amazon EventBridge (Amazon Cloud Watch Events).

Correct answer: A

Explanation

The correct answer is A because AWS Config allows tracking of configuration changes and compliance with rules, making it suitable for monitoring unauthorized changes. Option B, AWS Trusted Advisor, provides best practice recommendations but does not specifically track configuration changes. Option C, Amazon Inspector, is focused on security assessments rather than configuration monitoring, and Option D, while useful for access logging, does not prevent unauthorized configuration changes.