Detect configuration drift and vulnerabilities that could permit unauthorized access is the correct choice.

Continuous configuration monitoring is designed to detect deviations from approved baselines and to surface misconfigurations or missing patches that create security gaps. In this scenario the database node the application server and the web tier are all on the internal network and continuous monitoring helps identify unauthorized changes or newly introduced vulnerabilities so they can be remediated before an attacker exploits them.

Security Command Center is incorrect because it names a specific product or tool and does not describe the principal advantage of continuous configuration monitoring itself. The question asks for the core benefit and not for a vendor solution.

Remove the need for scheduled compliance audits is incorrect because continuous monitoring complements audits but does not eliminate them. Scheduled audits provide point in time evidence and formal attestations that organizations still need for compliance programs.

Maintain optimal system performance and resource efficiency is incorrect because while configuration monitoring can reveal performance related misconfigurations the primary objective is reducing security risk and detecting vulnerabilities rather than optimizing resource efficiency.

Full AWS Practitioner Certification Question