Free AWS DOP-C02 Actual Exam Questions - Question 1 Discussion

It’s D because using EventBridge to catch the CreateAccount event and then triggering a Systems Manager Automation runbook gives a clear, automated way to enable AWS Config right after an account is made. Unlike Lambda (option A), Automation runbooks can handle more complex steps and error handling, making them better suited for this kind of setup. Options B and C miss the automatic trigger or don’t actually enable Config themselves, so they’re less complete solutions.

B tbh, stack sets are designed to handle automatic deployments across new accounts in an organization, which fits the scale here better than manual triggers or SCPs that don’t enable Config themselves.

Maybe D could work well too since using Systems Manager Automation triggered by EventBridge can provide a streamlined way to enable AWS Config right after account creation, avoiding manual steps.

Maybe A, since Lambda triggered by EventBridge can automate Config setup right after account creation.

B CloudFormation stack sets can automatically deploy AWS Config settings across new accounts as they’re created, making it scalable for hundreds of accounts. The other options seem more manual or incomplete.

B/D? I’m ruling out C because SCPs just restrict permissions, they don’t automate service setup like AWS Config enabling. A sounds interesting but enabling trusted access alone doesn’t fully set up AWS Config in new accounts. Between B and D, B uses CloudFormation stack sets which are designed for managing resources across multiple accounts and regions automatically, so that fits well with the requirement to enable AWS Config in all new accounts and OUs. D uses Systems Manager Automation triggered by EventBridge, which could work but seems more manual and less scalable than stack sets for this

It’s unclear if AWS Config aggregator is set up for consolidated view.