AWS Certified Advanced Networking – Specialty ANS-C00 – Question339

You are architecting your e-business application for PCI compliance. To meet the compliance requirements, you need to monitor web application logs to identify any malicious activity. You also need to monitor for remote attempts to change the network interface of web instances.
Which two AWS services will be helpful to achieve this goal?

A.
Amazon CloudWatch Logs and VPC Flow Logs
B. AWS CloudTrail and VPC Flow Logs
C. AWS CloudTrail and CloudWatch Logs
D. AWS CloudTrail and AWS Config

Correct Answer: C

Explanation:

Explanation:
Web application logs are internal to the operating system, so the only way to monitor them with an AWS service is to export them using CloudWatch Logs. AWS CloudTrail monitors the API activity and can be used to watch for particular API calls. The correct answer is the only one that references both these services.