AWS Certified Solutions Architect – Associate (SAA-C03) — Question 316
A company recently migrated its entire IT environment to the AWS Cloud. The company discovers that users are provisioning oversized Amazon EC2 instances and modifying security group rules without using the appropriate change control process. A solutions architect must devise a strategy to track and audit these inventory and configuration changes.
Which actions should the solutions architect take to meet these requirements? (Choose two.)
Answer options
- A. Enable AWS CloudTrail and use it for auditing.
- B. Use data lifecycle policies for the Amazon EC2 instances.
- C. Enable AWS Trusted Advisor and reference the security dashboard.
- D. Enable AWS Config and create rules for auditing and compliance purposes.
- E. Restore previous resource configurations with an AWS CloudFormation template.
Correct answer: A, D
Explanation
AWS CloudTrail records user activity and API calls, so the company can audit who made unauthorized changes to security groups and EC2 instances. AWS Config continuously monitors and records resource configurations, which provides inventory history and compliance evaluation against specified rules. The other options, such as data lifecycle policies or Trusted Advisor, do not offer the detailed configuration auditing and historical tracking that this scenario requires.