Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 34 discussion

CloudTrail - Track user activity and API call history. Config - Assess, audits, and evaluates the configuration and relationships of tag resources. Therefore, the answer is B

Use AWS Config for resource configuration tracking and AWS CloudTrail for API call logging — the best practice combo for governance, compliance, and auditing on AWS.

AWS Config for configuration changes and AWS CloudTrail for API activities.

Selected Answer: B

Config = Governance, auditing of AWS resource CloudTrail = API call tracking B is correct

Answer-B

Correct Answer- Option B. Here's why AWS Config for Configuration Changes: AWS Config is a service that tracks changes to resource configurations over time. It provides a history of configuration changes to your AWS resources and helps with compliance and auditing by allowing you to assess how resource configurations have changed over time. AWS CloudTrail for API Calls: AWS CloudTrail is designed specifically for recording API calls made to AWS resources. It captures detailed information about who made each API call, the actions taken, and the resources affected. This is essential for auditing and security purposes.

Correct Answer- Option B. Here's why AWS Config for Configuration Changes: AWS Config is a service that tracks changes to resource configurations over time. It provides a history of configuration changes to your AWS resources and helps with compliance and auditing by allowing you to assess how resource configurations have changed over time. AWS CloudTrail for API Calls: AWS CloudTrail is designed specifically for recording API calls made to AWS resources. It captures detailed information about who made each API call, the actions taken, and the resources affected. This is essential for auditing and security purposes. While Amazon CloudWatch can be used to monitor and gather metrics, it is not designed for recording API calls or tracking configuration changes. AWS Config and AWS CloudTrail are purpose-built for these specific tasks and are the best services to use for the described requirements.

Although tracking configuration changes and recording API calls are not intended uses for Amazon CloudWatch, it can be utilized for monitoring and collecting data. AWS CloudTrail and AWS Config are purpose-built for these specific tasks and are the best services to use for the described requirements.

CloudWatch is a monitoring service for AWS resources and applications. CloudTrail is a web service that records API activity in your AWS account.

CONFIG - AWS CONFIG RECORD API CALLS - CLOUDTRAIL

CloudWatch is mainly uesd to monitor AWS services with metrics, not recoding actions inside the AWS environments. It can also monitor CloudTrail logged events. For recording API calls it requires CloudTrail.

Keyword "Amazon CloudWatch" is not for this case, remove C and D. Use AWS Config first to track configuration changes, Second is AWS CloudTrai to record API calls. (Answer B, and correct answer). Answer A is reversed order of B, and not accepted.

Option B is the right answer for this.

B is the answer with no doubts

config => AWS config record API calls => AWS CloudTrail

To meet the requirement of tracking configuration changes on AWS resources and recording a history of API calls, a solutions architect should recommend option B: Use AWS Config to track configuration changes and AWS CloudTrail to record API calls. Option A (using CloudTrail to track configuration changes and Config to record API calls) is incorrect because CloudTrail is specifically designed to capture API call history, while Config is designed for tracking configuration changes. Option C (using Config to track configuration changes and CloudWatch to record API calls) is not the recommended approach. While CloudWatch can be used for monitoring and logging, it does not provide the same level of detail and compliance tracking as CloudTrail for recording API calls. Option D (using CloudTrail to track configuration changes and CloudWatch to record API calls) is not the optimal choice because CloudTrail is the appropriate service for tracking configuration changes, while CloudWatch is not specifically designed for recording API call history.