🔥 3-day streak
AWS Certified DevOps Engineer - Professional122 / 204
Question 122 of 204

A financial services company must prove to auditors that no member account in their AWS Organization can disable AWS Config recording or delete the organization CloudTrail trail without immediate detection and automatic re-enablement. Account administrators in member accounts currently hold broad IAM permissions that include config and cloudtrail actions. Which combination of controls BEST enforces this governance requirement with the least ongoing operational effort?

Reviewed for accuracy · Report an issueNext question