🔥 3-day streak
AWS Certified CloudOps Engineer - Associate76 / 159
Question 76 of 159
A CloudOps engineer manages AWS Config across an organization. A security requirement mandates that data at rest in Amazon RDS must be encrypted using a customer managed KMS key rather than the default AWS managed key. The team already has an AWS Config rule detecting unencrypted RDS instances, but they now need automatic email alerts to the security team whenever any resource is evaluated as NON_COMPLIANT, without writing custom evaluation logic. Which approach meets this requirement with the least operational effort?
Reviewed for accuracy · Report an issueNext question