Always Enable Logging for S3 Buckets

Answer: B.

Option A is incorrect because AWS Inspector cannot be used to monitor S3 buckets.

Option B is CORRECT because you can add the AWS Config managed rule "S3_BUCKET_LOGGING_ENABLED" to your account to check whether your Amazon S3 buckets have logging enabled.

Options C and D are incorrect because CloudWatch cannot be used to check if logging is enabled for S3 buckets.

For more information on Config Rules, please see the below Link:

The correct answer to this question is B. Use AWS Config Rules to check whether logging is enabled for buckets.

AWS Config is a service that enables you to assess, audit, and evaluate the configuration of your AWS resources continuously. AWS Config Rules is a feature of AWS Config that allows you to define rules that automatically check the configuration of your AWS resources for compliance with specific policies.

Using AWS Config Rules, you can define a rule that checks whether S3 bucket logging is enabled for all S3 buckets in your AWS account. If a bucket is found without logging enabled, AWS Config Rules can automatically create an SNS notification or send an email alert to the concerned team to take the necessary action.

In contrast, the other answer choices are incorrect because:

A. AWS Inspector is a service that automatically assesses applications for security vulnerabilities. It does not apply to S3 bucket logging.

C. AWS CloudWatch is a monitoring and observability service that provides you with data and actionable insights to monitor your AWS resources, applications, and services. It does not apply to S3 bucket logging.

D. AWS CloudWatch Logs is a service that enables you to monitor, store, and access your log files from Amazon EC2 instances, AWS CloudTrail, and other sources. It does not apply to S3 bucket logging.