ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
Your organization runs production workloads in AWS and must prove during quarterly security audits that every change to resource configurations (for example, S3 bucket ACLs and security-group rules) has been recorded and automatically evaluated against the company's approved baseline for the past 12 months. Which AWS service should you enable to most effectively meet this compliance-verification requirement?
AWS Config continuously records the configuration state of supported AWS resources, stores historical snapshots for as long as you choose, and evaluates each change against rules or conformance packs that map to organizational or regulatory requirements. This enables auditors to verify that resources remained compliant (or to see exactly when they drifted) throughout the requested 12-month period.
CloudTrail records API calls but not the resulting resource configurations and retains only 90 days of event history by default.
GuardDuty focuses on threat detection and does not perform configuration compliance checks.
CloudWatch Logs ingests log data but does not automatically track or evaluate resource configurations. Therefore, AWS Config with conformance packs is the most appropriate choice.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are AWS Config conformance packs?
Open an interactive chat with Bash
How does AWS Config differ from AWS CloudTrail?
Open an interactive chat with Bash
What is the purpose of Amazon GuardDuty if it doesn't track compliance?
Open an interactive chat with Bash
ISC2 Systems Security Certified Practitioner (SSCP)
Security Concepts and Practices
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .