Answer: Use AWS Config to track configuration changes and AWS CloudTrail to record API calls.

## Explanation **Correct Answer: B** **AWS Config** is designed to track configuration changes on AWS resources. It provides a detailed inventory of AWS resources and their configuration history, allowing you to assess compliance with internal policies and track how resources change over time. **AWS CloudTrail** is designed to record API calls made to AWS services. It logs all API activity, providing a history of who did what, when, and from where, which is essential for security analysis, resource change tracking, and compliance auditing. **Why the other options are incorrect:** - **Option A**: Reverses the correct services - CloudTrail is for API calls, not configuration changes, and Config is for configuration changes, not API calls. - **Option C**: Uses CloudWatch instead of CloudTrail for API calls. While CloudWatch can monitor metrics and logs, it doesn't specifically record API call history like CloudTrail does. - **Option D**: Uses CloudTrail for configuration changes (incorrect) and CloudWatch for API calls (incorrect). CloudTrail records API calls, not configuration changes, and CloudWatch doesn't provide comprehensive API call history. **Key Service Functions:** - **AWS Config**: Configuration management, compliance auditing, resource inventory - **AWS CloudTrail**: API activity logging, security analysis, compliance auditing - **Amazon CloudWatch**: Monitoring, metrics collection, log aggregation This combination provides comprehensive visibility for compliance, governance, auditing, and security requirements.

Author: LeetQuiz Editorial Team