Answer: AWS Config

AWS Config is the correct service for evaluating resource compliance against organizational standards and automatically remediating issues. Here's why: **AWS Config**: - Continuously monitors and records AWS resource configurations - Allows you to define compliance rules (Config Rules) that check if resources comply with your organizational standards - Provides automatic remediation capabilities through AWS Config Remediation Actions - Helps with compliance auditing, security analysis, and change management **Why other options are incorrect**: - **AWS CloudWatch**: Primarily for monitoring and observability (metrics, logs, alarms) - **AWS Systems Manager**: For operational management and automation, but not specifically designed for compliance evaluation against standards - **AWS Shield**: AWS's DDoS protection service, not related to compliance evaluation AWS Config's key features include: 1. **Configuration History**: Track changes to AWS resources over time 2. **Config Rules**: Define rules to evaluate resource compliance 3. **Compliance Dashboard**: View compliance status across resources 4. **Remediation Actions**: Automatically fix non-compliant resources 5. **Integration**: Works with AWS Security Hub and other security services

Author: Ritesh Yadav