AWS Certified Solutions Architect – Associate (SAA-C02) — Question 797
A company recently migrated its entire IT environment to the AWS Cloud. The company discovers that users are provisioning oversized Amazon EC2 instances and modifying security group rules without using the appropriate change control process. A solutions architect must devise a strategy to track and audit these inventory and configuration changes.
Which actions should the solutions architect take to meet these requirements? (Choose two.)
Answer options
- A. Enable AWS CloudTrail and use it for auditing.
- B. Use data lifecycle policies for the Amazon EC2 instances.
- C. Enable AWS Trusted Advisor and reference the security dashboard.
- D. Enable AWS Config and create rules for auditing and compliance purposes.
- E. Restore previous resource configurations with an AWS CloudFormation template.
Correct answer: A, D
Explanation
AWS CloudTrail logs user activity and API calls, which makes it the right tool for auditing who modified the security group rules. AWS Config monitors and records AWS resource configurations, so the solutions architect can define rules that check for compliance, such as alerting on oversized Amazon EC2 instances. Other services, such as AWS Trusted Advisor and AWS CloudFormation, do not provide this level of continuous configuration auditing and history tracking.