AWS DevOps Engineer Professional DOP-C01 – Question146

A company uses Amazon S3 to store proprietary information. The Development team creates buckets for new projects on a daily basis. The Security team wants to ensure that all existing and future buckets have encryption, logging, and versioning enabled. Additionally, no buckets should ever be publicly read or write accessible.
What should a DevOps Engineer do to meet these requirements?

A.
Enable AWS CloudTrail and configure automatic remediation using AWS Lambda.
B. Enable AWS Config rules and configure automatic remediation using AWS Systems Manager documents.
C. Enable AWS Trusted Advisor and configure automatic remediation using Amazon CloudWatch Events.
D. Enable AWS Systems Manager and configure automatic remediation using Systems Manager documents.