You are responsible for deploying a critical application to AWS. It is required to ensure that the controls set for this application meet PCI compliance. Also, there is a need to monitor web application logs to identify any malicious activity. Which of the following services could be used to fulfill this requirement? (Select TWO)

Answer options:

A.Amazon CloudWatch Logs
B.AWS Personal Health Dashboard
C.Amazon Trusted Advisor
D.Amazon CloudTrail

Correct Answers – A and D
AWS Documentation mentions the following about these services:
Option A is correct as Amazon CloudWatch Logs is used to monitor, store, and access your log files from Amazon Elastic Compute Cloud (Amazon EC2) instances, AWS CloudTrail, Amazon Route 53, and other sources. You can then retrieve the associated log data from CloudWatch Logs.
https://aws.amazon.com/compliance/services-in-scope/
Option B is incorrect because AWS Personal Health Dashboard provides alerts and guidance for AWS events that might affect your environment. It will not help to monitor the web application.
https://aws.amazon.com/premiumsupport/technology/personal-health-dashboard/
Option C is incorrect because AWS Trusted Advisor is an online tool that provides you real-time guidance to help you provision your resources following AWS best practices. It is not required as per the requirement. The question asks for monitoring services, not logging or some visualizing service.
Option D is correct as AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure. 
https://aws.amazon.com/cloudtrail/
References:
https://aws.amazon.com/premiumsupport/technology/trusted-advisor/best-practice-checklist/
https://aws.amazon.com/blogs/aws/vpc-flow-logs-log-and-view-network-traffic-flows/