Q62 — AWS SAA-C03 Ch.1
Q62. A company hosts its multi-tier applications on AWS. For compliance, governance, auditing, and security, the company must track configuration changes on its AWS resources and record a history of API calls made to these resources. What should a solutions architect do to meet these requirements?
- A. Use AWS CloudTrail to track configuration changes and AWS Config to record API calls
- B. Use AWS Config to track configuration changes and AWS CloudTrail to record API calls ✓
- C. Use AWS Config to track configuration changes and Amazon CloudWatch to record API calls
- D. Use AWS CloudTrail to track configuration changes and Amazon CloudWatch to record API calls
Correct Answer: B. Use AWS Config to track configuration changes and AWS CloudTrail to record API calls
Explanation
To meet the requirements of tracking configuration changes on AWS resources and recording a history of API calls, a solutions architect should choose B: use AWS Config to track configuration changes and AWS CloudTrail to record API calls. Here's why this option is the correct choice:

1. AWS Config: AWS Config is a service that enables the assessment, auditing, and tracking of resource configurations and changes in your AWS environment. It provides a detailed inventory of AWS resources and records configuration changes over time. With AWS Config, you can track and monitor the state of your resources and gain visibility into configuration drifts and compliance violations.
2. AWS CloudTrail: AWS CloudTrail is a service that logs and records API activity and events in your AWS account. It captures all API calls made to AWS services, including the identity of the caller, the time of the call, the source IP address, and the request parameters. By enabling AWS CloudTrail, you can have a complete audit trail of API activities, which is crucial for compliance, governance, and security purposes.

Option A, using AWS CloudTrail to track configuration changes and AWS Config to record API calls, is incorrect because AWS CloudTrail is primarily used for recording API calls, not tracking configuration changes. AWS Config, on the other hand, is specifically designed for tracking and managing resource configurations.

Option C, using AWS Config to track configuration changes and Amazon CloudWatch to record API calls, is incorrect because Amazon CloudWatch is primarily a monitoring service and does not provide the same level of detailed logging and auditing capabilities as AWS CloudTrail for API calls.

Option D, using AWS CloudTrail to track configuration changes and Amazon CloudWatch to record API calls, is incorrect because AWS CloudTrail is not designed for tracking configuration changes, and Amazon CloudWatch does not provide the same level of detailed logging and auditing capabilities as AWS CloudTrail.

Therefore, option B (Use AWS Config to track configuration changes and AWS CloudTrail to record API calls) is the correct choice to meet the requirements of tracking configuration changes and recording API calls on AWS resources.