AWS DevOps Engineer Professional Practice Test

When setting up CloudTrail for an organization, what additional tool can help with compliance monitoring?

• A. AWS Inspector
• B. AWS Config with multi-account Aggregator
• C. AWS CloudFormation
• D. AWS Trusted Advisor

The correct answer is: AWS Config with multi-account Aggregator

Using AWS Config, especially with a multi-account aggregator, significantly enhances compliance monitoring when setting up CloudTrail for an organization. AWS Config enables you to assess, audit, and evaluate the configurations of your AWS resources. It provides a detailed view of the configuration history and changes over time, which is vital for understanding the state and compliance of your resources. When combined with a multi-account aggregator, AWS Config allows organizations to centralize compliance checks across all accounts in an AWS Organization. This centralized view is crucial for organizations operating in regulated environments that require maintaining strict compliance with various standards and frameworks. By aggregating compliance data, organizations can easily track compliance status, enforce policies, and identify non-compliant resources across their entire AWS footprint. In contrast, while AWS Inspector focuses on security assessments and vulnerabilities, it does not provide the comprehensive configuration history or compliance checking capabilities that AWS Config offers. AWS CloudFormation is primarily a management service for deploying resources using templates and does not function in compliance monitoring. AWS Trusted Advisor provides insights and best practices for account optimization but does not offer compliance monitoring functionalities. Hence, utilizing AWS Config with a multi-account aggregator is the most effective strategy for compliance monitoring when implementing CloudTrail in an organizational context.