AWS Certified Solutions Architect - Associate

Get started today

Ultimate access to all questions.

Quick Answer

Answer-first summary for fast verification

Answer: Turn on AWS Config with the appropriate rules.

## Explanation **AWS Config** is the correct solution for monitoring configuration changes to AWS resources, including Amazon S3 buckets. Here's why: ### Why AWS Config is the right choice: 1. **Configuration Tracking**: AWS Config continuously monitors and records configuration changes to AWS resources 2. **Compliance Rules**: You can create AWS Config rules to evaluate whether your S3 bucket configurations comply with desired settings 3. **Change Notifications**: AWS Config can send notifications when unauthorized configuration changes occur 4. **Historical Configuration**: It maintains a history of configuration changes, allowing you to see what changed, when, and by whom ### Why other options are not optimal: **Option B - AWS Trusted Advisor**: - Provides best practice recommendations and cost optimization - Not designed for real-time monitoring of configuration changes - Checks are periodic, not continuous **Option C - Amazon Inspector**: - Security assessment service for EC2 instances and container images - Focuses on vulnerability assessment, not configuration monitoring - Not designed for S3 bucket configuration tracking **Option D - S3 Server Access Logging + EventBridge**: - S3 server access logging tracks object-level access (GET, PUT, DELETE operations) - Does not monitor bucket configuration changes (like bucket policies, CORS settings, versioning, etc.) - EventBridge can react to events but doesn't provide the comprehensive configuration monitoring that AWS Config offers ### Best Practice Implementation: To properly monitor S3 bucket configurations: 1. Enable AWS Config in the region where your S3 buckets are located 2. Create AWS Config rules specific to S3 (e.g., `s3-bucket-public-read-prohibited`, `s3-bucket-public-write-prohibited`) 3. Configure AWS Config to send notifications via Amazon SNS when non-compliant changes are detected 4. Use AWS Config's compliance dashboard to view the compliance status of all your S3 buckets This approach provides continuous monitoring, automated compliance checking, and alerting for unauthorized configuration changes to S3 buckets.

Author: LeetQuiz Editorial Team

Quick Answer

Answer-first summary for fast verification

Answer: Turn on AWS Config with the appropriate rules.

Author: LeetQuiz Editorial Team

Comments (0)

No comments yet.

A company needs to review its AWS Cloud deployment to ensure that its Amazon S3 buckets do not have unauthorized configuration changes.

What should a solutions architect do to accomplish this goal?

Other

Community

UAnonymous

Last updated: February 23, 2026 at 11:39

Turn on AWS Config with the appropriate rules.

Turn on AWS Trusted Advisor with the appropriate checks.

Turn on Amazon S3 server access logging. Configure Amazon EventBridge (Amazon CloudWatch Events).

AWS Certified Solutions Architect - Associate

Get started today

Quick Answer

Quick Answer

Comments (0)

Get started today

Comments (0)

A company needs to review its AWS Cloud deployment to ensure that its Amazon S3 buckets do not have unauthorized configuration changes. What should a solutions architect do to accomplish this goal?

A company needs to review its AWS Cloud deployment to ensure that its Amazon S3 buckets do not have unauthorized configuration changes.

What should a solutions architect do to accomplish this goal?