Which service records who performed which API operation, when, and against which AWS resource, so that you can audit and trace it afterward?

Correct answer: C

Explanation

Choosing the service that records and audits API operation history.

  • 1. "which API operation": Records operation history at the API level = CloudTrail
  • 2. "who performed": Trace the actor and time
  • 3. "audit and trace": Follow the trail afterward
A: Incorrect

Amazon CloudWatch

CloudWatch collects metrics and logs to monitor resource performance.

Recording who performed an API operation is the role of CloudTrail; the purpose is different, so it is incorrect.

B: Incorrect

AWS Artifact

Artifact is a portal for obtaining third-party audit/compliance reports (such as SOC 2 and ISO 27001 — documents in which an independent auditor has verified and certified AWS's security and compliance posture).

It does not record API operations in your account, so it is incorrect.

C: Correct

AWS CloudTrail

Correct. AWS CloudTrail records the API operations performed in your account (who, when, against what, and which operation). It traces activity performed through the Management Console, CLI, and SDK, and is used for security analysis, auditing, and change tracking.

D: Incorrect

AWS WAF

WAF is a service that blocks web attacks.

It does not record the history of API operations, so it is incorrect.

Key Takeaway

'Who, when, which API operation' points to AWS CloudTrail (the audit log of operations). Performance/metrics monitoring is CloudWatch, and tracking resource configuration is Config — keep the roles separate.