Security in Amazon Web Services (CISN 74A) Practice Test

AWS Config is the service that facilitates continuous assessment checks on AWS resources for compliance. It provides the ability to evaluate the configurations of your AWS resources against desired configurations as defined by compliance frameworks or organizational policies. By using AWS Config, you can monitor changes to resource configurations over time, track compliance against established specifications, and trigger notifications or remediation actions when configurations deviate from compliance standards.

This service is essential for maintaining governance and compliance in cloud environments, especially since resources can frequently change due to automated processes or user actions. It not only helps in identifying non-compliant resources but also provides detailed historical records of configurations, which can be invaluable for audits and compliance reporting.

While other services like Amazon CloudWatch focus on monitoring and logging operational metrics, and Amazon Inspector is geared toward security assessments of application vulnerabilities, they do not primarily focus on compliance checks for resource configurations over time. AWS Shield is focused on DDoS protection, which is not related to compliance assessments. Therefore, AWS Config stands out as the appropriate choice for running continuous compliance assessments on AWS resources.