AWS Certified SysOps Administrator – Associate — Question 18
A SysOps administrator has enabled AWS CloudTrail in an AWS account. If CloudTrail is disabled, it must be re-enabled immediately.
What should the SysOps administrator do to meet these requirements WITHOUT writing custom code?
Answer options
- A. Add the AWS account to AWS Organizations. Enable CloudTrail in the management account.
- B. Create an AWS Config rule that is invoked when CloudTrail configuration changes. Apply the AWS-ConfigureCloudTrailLogging automatic remediation action.
- C. Create an AWS Config rule that is invoked when CloudTrail configuration changes. Configure the rule to invoke an AWS Lambda function to enable CloudTrail.
- D. Create an Amazon EventBridge (Amazon CloudWatch Events) hourly rule with a schedule pattern to run an AWS Systems Manager Automation document to enable CloudTrail.
Correct answer: B
Explanation
The correct answer is B: an AWS Config rule with the AWS-ConfigureCloudTrailLogging automatic remediation action re-enables CloudTrail automatically, without custom code. Options A, C, and D involve additional steps or require custom code, so they do not satisfy the requirement to avoid writing custom code.