🔥 3-day streak
AWS Certified CloudOps Engineer - Associate16 / 159
Question 16 of 159

A CloudOps engineer must ensure that any S3 bucket created without default encryption is automatically remediated within minutes, with no human intervention. AWS Config already has a managed rule (s3-bucket-server-side-encryption-enabled) evaluating bucket compliance. The team wants a low-maintenance, event-driven solution that applies default encryption to noncompliant buckets. Which approach best meets these requirements?

Reviewed for accuracy · Report an issueNext question