Question #760
Which AWS service provides detailed tracking of API activity across AWS services for compliance auditing?
AWS CloudTrail
AWS Config
AWS CloudWatch
AWS Security Hub
Explanation
AWS CloudTrail (A) is designed to log and monitor all API activity across AWS services. It records details such as the identity of the API caller, the time of the call, the source IP address, request parameters, and response elements. These logs are critical for compliance auditing, security analysis, and troubleshooting.
Why other options are incorrect:
- AWS Config (B) focuses on tracking resource configurations and changes over time, not API activity.
- AWS CloudWatch (C) monitors metrics and logs for resource performance, not API call tracking.
- AWS Security Hub (D) aggregates security findings from multiple services but does not directly track API activity.
Key Points to Remember:
- CloudTrail is the primary service for API activity auditing.
- Compliance frameworks often require API activity logs, which CloudTrail provides.
- CloudTrail logs can be integrated with CloudWatch or Security Hub for advanced analysis.
Answer
The correct answer is: A