AWS Certified Solutions Architect - Associate

Explanation

Correct Answer: B

AWS Config is designed to track configuration changes on AWS resources. It provides a detailed inventory of AWS resources and their configuration history, allowing you to assess compliance with internal policies and track how resources change over time.

AWS CloudTrail is designed to record API calls made to AWS services. It logs all API activity, providing a history of who did what, when, and from where, which is essential for security analysis, resource change tracking, and compliance auditing.

Why the other options are incorrect:

• Option A: Reverses the correct services - CloudTrail is for API calls, not configuration changes, and Config is for configuration changes, not API calls.
• Option C: Uses CloudWatch instead of CloudTrail for API calls. While CloudWatch can monitor metrics and logs, it doesn't specifically record API call history like CloudTrail does.
• Option D: Uses CloudTrail for configuration changes (incorrect) and CloudWatch for API calls (incorrect). CloudTrail records API calls, not configuration changes, and CloudWatch doesn't provide comprehensive API call history.

Key Service Functions:

• AWS Config: Configuration management, compliance auditing, resource inventory
• AWS CloudTrail: API activity logging, security analysis, compliance auditing
• Amazon CloudWatch: Monitoring, metrics collection, log aggregation

This combination provides comprehensive visibility for compliance, governance, auditing, and security requirements.