AWS Certified Cloud Practitioner

AWS Config is the correct service for evaluating resource compliance against organizational standards and automatically remediating issues. Here's why:

• AWS Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations
• It can automatically remediate non-compliant resources using AWS Config Rules
• Provides compliance history and detailed compliance reports

Why other options are incorrect:

• AWS CloudWatch (A): Primarily for monitoring and observability, not compliance evaluation
• AWS Systems Manager (C): Focuses on operational data and automation, but not specifically designed for compliance evaluation
• AWS Shield (D): A DDoS protection service, not related to compliance evaluation