The correct answer is Perform periodic security control assessments.

Perform periodic security control assessments is the right choice because continuous monitoring depends on ongoing validation. Regular assessments detect control drift and configuration changes and they confirm that technical and administrative controls are operating as intended. These assessments should use a mix of automated telemetry and targeted manual testing and they should be scheduled based on risk and criticality.

Delay evaluation until the annual audit is incorrect because waiting until an annual audit lets vulnerabilities and misconfigurations persist for long periods. Continuous monitoring requires more frequent checks to find and fix problems quickly.

Rely exclusively on Cloud Security Command Center is incorrect because a single tool cannot validate all control objectives by itself. Tools provide useful telemetry and alerts but they must be supplemented with control assessments, manual verification, and policy reviews to prove effectiveness.

Assess controls only after a security incident is incorrect because reactive assessments do not prevent incidents and they fail to demonstrate ongoing compliance. Proactive periodic assessments reduce risk and help avoid incidents before they happen.

Full AWS Practitioner Certification Question