Exam AWS Certified Cloud Practitioner topic 1 question 99 discussion

From the Security section of https://d1.awsstatic.com/whitepapers/architecture/AWS_Well-Architected_Framework.pdf " • Enable traceability: Monitor, alert, and audit actions and changes to your environment in real time. Integrate log and metric collection with systems to automatically investigate and take action."

A is correct.

Performance Efficiency vs. Security: While Performance Efficiency focuses on optimizing cloud resources for performance, Security involves safeguarding data, systems, and applications by continuously monitoring and auditing for vulnerabilities, misconfigurations, and other risks. AWS Config and Its Relationship with Security: AWS Config helps you record and track the configuration of AWS resources, and it also evaluates changes to ensure compliance with security and operational best practices. The primary goal is to audit changes to resources, ensuring that your environment remains secure and compliant with established policies.

Security

Using AWS Config to record, audit, and evaluate changes to AWS resources to enable traceability aligns with the "Operational Excellence" pillar of the AWS Well-Architected Framework. The Operational Excellence pillar focuses on the ability to run and monitor systems to deliver business value, and continually improve processes and procedures. AWS Config helps in achieving this by providing a detailed record of configuration changes to AWS resources, enabling auditability, compliance, and governance. It allows organizations to maintain a complete inventory of their AWS resources and track changes over time, facilitating operational excellence through enhanced visibility and control.

Maintaining Traceability is one of the security best practices.

A is correct

This paper has been archived. The latest version is available at: https://docs.aws.amazon.com/wellarchitected/latest/framework/welcome.html

son sistemas deseguridad no de excelencia operativa

Both the Security and Operational Excellence pillars of the AWS Well-Architected Framework can have relevance to the use of AWS Config, depending on the specific context. Security Pillar: AWS Config is valuable for ensuring resources are compliant with security best practices and policies. It assists in detecting drifts from the baseline and can help spot potential security vulnerabilities. From the perspective of maintaining a security posture and ensuring compliance, AWS Config aligns with the Security pillar. Operational Excellence Pillar: AWS Config also plays a role in the continuous monitoring and refinement of operations. Knowing the state of resources, understanding changes, and being able to trace these changes over time can support operational best practices. If the primary goal is to provide traceability, monitor changes, and ensure that the operations are running according to defined standards, then AWS Config can indeed be associated with the Operational Excellence pillar.

search for AWS Config to find out its usage. https://docs.aws.amazon.com/pdfs/wellarchitected/latest/operational-excellence-pillar/wellarchitected-operational-excellence-pillar.pdf

A is correct.

I think the key word is `traceability`, therefore the answer must be A.Security.

Using AWS Config to record, audit, and evaluate changes to AWS resources aligns with the Security pillar of the AWS Well-Architected Framework. The Security pillar focuses on protecting information, systems, and assets while maintaining data confidentiality, integrity, and availability. AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources over time. It records changes to resource configurations and provides a detailed view of how the configurations are aligned with best practices and desired configurations. By using AWS Config, you can track and maintain traceability of changes to your resources, helping to enforce security controls, detect unauthorized changes, and ensure compliance with security requirements.

Read through https://aws.amazon.com/config/

A. Security

B. Network ACL