You are tasked with designing a secure AWS environment that enforces least privilege access and provides detailed audit logs of all API calls. Which combination of AWS services should you implement?

hard📝 Application Q8 of 15

AWS - Architecture Best Practices

AAWS IAM for access control and AWS CloudTrail for auditing

BAWS Shield for access control and AWS Config for auditing

CAWS WAF for access control and AWS Trusted Advisor for auditing

DAWS Organizations for access control and AWS GuardDuty for auditing

Step-by-Step Solution

Solution:

Step 1: Enforce least privilege access
AWS IAM allows fine-grained permission management to enforce least privilege.
Step 2: Provide detailed audit logs
AWS CloudTrail records all API calls for auditing and compliance.
Final Answer:
AWS IAM for access control and AWS CloudTrail for auditing -> Option A
Quick Check:
IAM controls access; CloudTrail logs API calls [OK]

Quick Trick: IAM controls access; CloudTrail logs activity [OK]

Common Mistakes:

Confusing Shield and WAF as access control
Assuming Config or GuardDuty provide full audit logs
Thinking Trusted Advisor manages permissions

Master "Architecture Best Practices" in AWS

9 interactive learning modes - each teaches the same concept differently

Learn Why Deep Visual Try Challenge Project Recall Time

Want More Practice?

15+ quiz questions · All difficulty levels · Free

Free Signup - Practice All Questions

More AWS Quizzes

You are tasked with designing a secure AWS environment that enforces least privilege access and provides detailed audit logs of all API calls. Which combination of AWS services should you implement?

Step 1: Enforce least privilege access

Step 2: Provide detailed audit logs

Final Answer:

Quick Check:

Want More Practice?