AWS Certified SysOps Administrator – Associate — Question 190
A company has turned on server access logging for all of its existing Amazon S3 buckets. The company wants to implement a solution to monitor the logging settings for new and existing S3 buckets. The solution must remediate any S3 buckets that do not have logging turned on.
What should a SysOps administrator do to meet these requirements in the MOST operationally efficient way?
Answer options
- A. Track the logging information by using AWS CloudTrail. Launch an AWS Lambda function for remediation.
- B. Configure automatic remediation in AWS Config by using the s3-bucket-logging-enabled rule.
- C. Configure AWS Trusted Advisor to monitor the logging configuration and to turn on access logging if necessary.
- D. Track the logging information by using Amazon CloudWatch metrics. Launch an AWS Lambda function for remediation.
Correct answer: B
Explanation
Option B is correct because AWS Config can automatically check the logging settings of S3 buckets and remediate any bucket that does not have logging turned on, which keeps the buckets compliant efficiently. Options A and D involve manual intervention through Lambda functions, which increases operational overhead. Option C does not provide automated remediation and relies on manual checks, making it less efficient.