AWS Certified Advanced Networking – Specialty (ANS-C00) — Question 323
You are architecting your e-business application for PCI compliance. To meet the compliance requirements, you need to monitor web application logs to identify any malicious activity. You also need to monitor for remote attempts to change the network interface of web instances.
Which two AWS services will be helpful to achieve this goal?
Answer options
- A. Amazon CloudWatch Logs and VPC Flow Logs
- B. AWS CloudTrail and VPC Flow Logs
- C. AWS CloudTrail and CloudWatch Logs
- D. AWS CloudTrail and AWS Config
Correct answer: C
Explanation
CloudWatch Logs is the appropriate service for collecting and monitoring web application log files to detect malicious behavior, while AWS CloudTrail records API calls, which lets you track remote attempts to modify network interfaces. VPC Flow Logs captures only network traffic metadata and cannot read application logs or track API requests, and AWS Config is used for configuration compliance auditing rather than real-time API monitoring. Thus, AWS CloudTrail and CloudWatch Logs together fulfill both requirements.