Which of the following is NOT a best practice for carrying out a security audit?

Answer options:

A.Only conduct an audit periodically.
B.Conduct an audit if application instances have been added to your account.
C.Conduct an audit if you ever suspect that an unauthorized person might have accessed your account.
D.Wherever there are changes in your organization, such as people leaving.

Answer – A
The AWS Documentation mentions the following
You should audit your security configuration in the following situations:
On a periodic basis.
If there are changes in your organization, such as people leaving.
If you have stopped using one or more individual AWS services. This is important for removing permissions that users in your account no longer need.
If you`ve added or removed software in your accounts, such as applications on Amazon EC2 instances, AWS OpsWorks stacks, AWS CloudFormation templates, etc.
If you ever suspect that an unauthorized person might have accessed your account.
Option B is invalid because conducting audits when new instances are added to your account is good security practice.
Option C is invalid because if you feel unauthorized access has occurred for your account, then, by all means, conduct a security audit
Option D is invalid because whenever there are any sort of changes in an organization, you should conduct a security audit
For more information on Security Audit guideline, please visit the below URL
https://docs.aws.amazon.com/general/latest/gr/aws-security-audit-guide.html