After migrating to AWS, users are provisioning oversized Amazon EC2 instances and changing security group rules without following change control. A solutions architect must track and audit inventory and configuration changes. Which actions should the architect take? (Choose two.)
Choose an answer
Tap an option to check your answer.
Correct answer: Enable AWS CloudTrail and use it for auditing., Enable AWS Config and create rules for auditing and compliance purposes..
Why this is the answer
AWS CloudTrail records API calls and related events made in your AWS account, providing an audit trail of actions taken by users, roles, or AWS services. This helps track who made changes to security groups or launched EC2 instances. AWS Config continuously monitors and records your AWS resource configurations, allowing you to assess, audit, and evaluate the configurations of your AWS resources. It can detect when EC2 instances are oversized or when security group rules are changed, and you can create rules to enforce compliance. Data lifecycle policies for EC2 instances manage snapshots or AMIs, not configuration changes. AWS Trusted Advisor provides recommendations for cost optimization, security, and performance, but it doesn't track individual configuration changes or provide an audit trail. Restoring configurations with CloudFormation is a remediation step, not a solution for tracking and auditing changes.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed