Correct answer - "Check the Service IAM permissions" : To enable CloudWatch Logs, you must grant
API Gateway permission to read and write logs to CloudWatch for your account. The
AmazonAPIGatewayPushToCloudWatchLogs managed policy (with an ARN of
arn:aws:iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs) has all the required
permissions.
Incorrect:
"Check the CloudWatch Logs Policy" - There is no such policy instead you would create an IAM
Policy to Access CloudWatch Logs
"Also enable X-Ray integration" - X-ray does not authorize API calls
"Ensure in-flight encryption is disabled" - Encryption has nothing to do with API Gateway
accessing CloudWatch logs