A company has a requirement to monitor API activity for audit purposes for their AWS account. This audit would be conducted in the future as well and should apply to all regions. How would you design your solution to meet the present and future needs?

Answer options:

A.Ensure CloudTrail logs is enabled for each region and then enable for each future region.
B.Ensure one CloudTrail log is enabled for all regions
C.Enable AWS Config to record the events in all regions.
D.Enable AWS Inspector to record the events in all regions.

Answer – B
The AWS Documentation mentions the following.
When you create a trail that applies to all regions, CloudTrail records events in each region and delivers the CloudTrail event log files to an S3 bucket that you specify. If a region is added after you create a trail that applies to all regions, the new region is automatically included, and events in that region are logged. 
AWS CloudTrail increases visibility into your user and resource activity by recording AWS Management Console actions and API calls. You can identify which users and accounts are called AWS, the source IP address from which the calls were made, and when the calls occurred.
Option A is incorrect since this is an overhead to enable it each time for every new region.
Options C is incorrect since AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. Config continuously monitors and records your AWS resource configurations.
Option D is incorrect since Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. Amazon Inspector automatically assesses applications for exposure, vulnerabilities, and deviations from best practices.
For more information on AWS CloudTrail, please refer to the below URL-
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/how-cloudtrail-works.html