A company uses Amazon S3 to store proprietary information. The Development team creates buckets for new projects on a daily basis. The Security team wants to ensure that all existing and future buckets have encryption, logging, and versioning enabled. Additionally, no buckets should ever be publicly read or write accessible. What should a DevOps Engineer do to meet these requirements?
A) Enable AWS CloudTrail and configure automatic remediation using AWS Lambda.
B) Enable AWS Config rules and configure automatic remediation using AWS Systems Manager documents.
C) Enable AWS Trusted Advisor and configure automatic remediation using Amazon CloudWatch Events.
D) Enable AWS Systems Manager and configure automatic remediation using Systems Manager documents.

Question

Quizplus · Accepted Answer

AWS Config rules can be used to evaluate the configuration settings of AWS resources, including S3 buckets, to ensure they comply with specified requirements such as encryption, logging, versioning, and access policies. Automatic remediation can be configured using AWS Systems Manager documents to enforce compliance.

A Company Uses Amazon S3 to Store Proprietary Information