AWS Certified Cloud Practitioner

Get started today

Ultimate access to all questions.

Deep dive into the quiz with AI chat providers.

We prepare a focused prompt with your quiz and certificate details so each AI can offer a more tailored, in-depth explanation.

Which AWS service is used to track, record, and audit configuration changes made to AWS resources?

Real Exam

Community

RRitesh

Last updated: December 2, 2025 at 18:03

AWS Shield

AWS Config

AWS IAM

Amazon Inspector

Explanation:

AWS Config is the correct service for tracking, recording, and auditing configuration changes to AWS resources. Here's why:

Key Features of AWS Config:

Configuration History: Maintains a detailed history of configuration changes for AWS resources
Compliance Monitoring: Continuously monitors and records resource configurations
Change Tracking: Provides visibility into how resources are configured and how they change over time
Audit Trail: Creates an audit trail of configuration changes for security and compliance purposes

Why other options are incorrect:

AWS Shield: This is a managed DDoS protection service, not for configuration tracking
AWS IAM: Identity and Access Management service for controlling access to AWS resources, not for configuration change tracking
Amazon Inspector: Automated security assessment service that checks for security vulnerabilities, not for configuration change auditing

Use Cases for AWS Config:

Security Compliance: Ensure resources comply with security policies
Change Management: Track who made changes and when
Troubleshooting: Identify configuration changes that may have caused issues
Audit Requirements: Meet regulatory and compliance audit requirements

AWS Config helps organizations maintain visibility and control over their AWS resource configurations, making it essential for governance and compliance.

Powered ByGemini-3 Flash

Comments

Loading comments...