nerdexam
ExamsDOP-C02Questions#148
AmazonAmazon

DOP-C02 · Question #148

DOP-C02 Question #148: Real Exam Question with Answer & Explanation

The correct answer is C: Turn on the configuration recorder in AWS Config in all the AWS accounts to identify noncompliant. This solution meets all of the requirements. AWS Config can monitor resource configurations for compliance with defined rules. The use of AWS Security Hub allows for centralized management of security alerts and compliance checks across all accounts. AWS Config conformance packs

Submitted by krish.m· Mar 6, 2026Security & Compliance

Question

A company is using AWS to run digital workloads. Each application team in the company has its own AWS account for application hosting. The accounts are consolidated in an organization in AWS Organizations. The company wants to enforce security standards across the entire organization. To avoid noncompliance because of security misconfiguration, the company has enforced the use of AWS CloudFormation. A production support team can modify resources in the production environment by using the AWS Management Console to troubleshoot and resolve application-related issues. A DevOps engineer must implement a solution to identify in near real time any AWS service misconfiguration that results in noncompliance. The solution must automatically remediate the issue within 15 minutes of identification. The solution also must track noncompliant resources and events in a centralized dashboard with accurate timestamps. Which solution will meet these requirements with the LEAST development overhead?

Options

  • AUse CloudFormation drift detection to identify noncompliant resources. Use drift detection events from
  • BTurn on AWS CloudTrail in the AWS accounts. Analyze CloudTrail logs by using Amazon Athena to
  • CTurn on the configuration recorder in AWS Config in all the AWS accounts to identify noncompliant
  • DTurn on AWS CloudTrail in the AWS accounts. Analyze CloudTrail logs by using Amazon CloudWatch

Explanation

This solution meets all of the requirements. AWS Config can monitor resource configurations for compliance with defined rules. The use of AWS Security Hub allows for centralized management of security alerts and compliance checks across all accounts. AWS Config conformance packs allow for automated remediation of non-compliant resources. AWS Security Hub provides a comprehensive view of high-priority security alerts and compliance status across AWS accounts. This solution is also the one with the least development overhead as it uses built-in AWS services specifically designed for configuration management and compliance tracking.

Topics

#AWS Config#Compliance Monitoring#Security Misconfiguration#Configuration Drift

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full DOP-C02 PracticeBrowse All DOP-C02 Questions