Answer: B
Option A is incorrect because AWS Config is a fully managed service that provides you with a resource inventory, configuration history, and configuration change notifications to enable security and governance. You can also discover existing AWS resources, export a complete inventory of your AWS resources with all configuration details, and determine how a resource was configured at any point in time.
Option B is correct because this is an API monitoring service and using CloudTrail. You can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure. CloudTrail provides the event history of your AWS account activity, including actions taken through the AWS management console, AWS SDKs, command-line tools, and other AWS services. This event history simplifies security analysis, resource change tracking, and troubleshooting. Besides, you can use CloudTrail to detect unusual activity in your AWS accounts.
Option C is incorrect because this is a metric and logging service.
Option D is incorrect because it is used to deploy stacks of resources.
CloudWatch and Config serve distinct use cases for monitoring and complements each other from the AWS ecosystem.
Config is typically used for auditing and compliance purposes across organizations to verify whether AWS resource changes being made are per compliance rules.
CloudWatch is designed to provide performance information about AWS resources such as EC2, Lambda, etc. Developers can use information from CloudWatch to identify bottlenecks in applications or workflows.
CloudWatch will help you send alerts when CPU /Memory utilization reaches a certain threshold and browse metrics associated with CPU/Network to identify operational and security issues.
For more information on AWS CloudTrail, please refer to the below URL-
https://aws.amazon.com/cloudtrail/