Which TWO combinations correctly pair an AWS governance and auditing service with its role? (Choose TWO.)
Select the TWO correct pairings of AWS governance services and their roles.
AWS Artifact — records a history of API operations.
Recording a history of API operations is the role of AWS CloudTrail.
AWS Artifact is a portal for retrieving third-party compliance reports. The pairing is incorrect, so this is incorrect.
AWS CloudTrail — records API operations within an account for auditing.
Correct. AWS CloudTrail records who performed which API operations and is used for auditing and tracking.
AWS Config — records resource configuration changes and evaluates compliance against rules.
Correct. AWS Config records resource configuration changes and automatically evaluates compliance against defined rules.
AWS Trusted Advisor — creates and manages encryption keys.
Creating and managing encryption keys is the role of AWS KMS.
Trusted Advisor inspects the environment against best practices and provides recommendations. The pairing is incorrect, so this is incorrect.
AWS CloudTrail — detects and classifies sensitive data in S3.
Detecting and classifying sensitive data in S3 is the role of Amazon Macie.
CloudTrail records API operations. The pairing is incorrect, so this is incorrect.
Service roles: CloudTrail = records API operations / Config = records configuration changes and evaluates compliance / Artifact = retrieves certification reports / Trusted Advisor = best practice recommendations. The distinction between operations (CloudTrail) and configuration (Config) is especially common on the exam.