Answer-first summary for fast verification
Answer: Amazon CloudWatch, AWS CloudTrail
## Explanation **Amazon CloudWatch** and **AWS CloudTrail** are the correct services for monitoring and retaining records of account activities related to governance, compliance, and auditing: ### Amazon CloudWatch - Provides monitoring and observability for AWS resources and applications - Collects and tracks metrics, collects and monitors log files - Sets alarms and automatically reacts to changes in AWS resources - Useful for operational monitoring and maintaining compliance ### AWS CloudTrail - Specifically designed for governance, compliance, and auditing - Records AWS API calls and account activity - Provides event history of AWS account activity - Enables security analysis, resource change tracking, and troubleshooting - Essential for compliance auditing and governance ### Why the other options are incorrect: **Amazon GuardDuty**: A threat detection service that continuously monitors for malicious activity and unauthorized behavior, but not primarily for activity logging and retention. **AWS Shield**: A managed DDoS protection service that safeguards applications running on AWS, not for activity monitoring and auditing. **AWS WAF**: A web application firewall that helps protect web applications from common web exploits, not designed for account activity monitoring and retention.
Author: Ritesh Yadav
Ultimate access to all questions.
AWS WAF
No comments yet.