AWS DevOps Engineer Professional Practice Test 2025 - Free DevOps Practice Questions and Certification Study Guide

AWS Config is the correct tool for monitoring and auditing changes to AWS resources. It enables you to assess, audit, and evaluate the configurations of your AWS resources by providing detailed visibility into their configuration history. This service automatically records configuration changes and keeps a history of resource configurations, allowing you to understand how configurations change over time and ensure compliance with internal policies or regulatory standards.

Using AWS Config, you can set up rules to evaluate the configurations of your AWS resources continuously, which helps in establishing compliance and governance. If a resource configuration deviates from the desired state or a matching rule, AWS Config can notify you and even trigger corrective actions.

Other tools listed serve different purposes: AWS Inspector focuses on security assessments, identifying vulnerabilities in your applications; AWS Trusted Advisor provides best practice recommendations to improve account security, performance, and cost optimization. AWS Lambda is a serverless compute service that allows you to run code in response to events, but does not specifically audit or monitor changes to AWS resources.