
Answer-first summary for fast verification
Answer: Use Security Hub to collect and organize evidence of compliance, and then use AWS Config rules to automatically detect and remediate noncompliant resources. Example: A security policy requiring all S3 buckets to have server-side encryption enabled.
The most comprehensive and automated approach is to use Security Hub in conjunction with AWS Config rules. Security Hub collects and organizes evidence of compliance, while AWS Config rules automatically detect and remediate noncompliant resources. The example, requiring all S3 buckets to have server-side encryption enabled, is a specific security policy that can be enforced through this process.
Author: LeetQuiz Editorial Team
Your organization is using AWS Security Hub to collect and organize evidence of compliance with various security policies. Describe how you would use Security Hub to identify and remediate noncompliant AWS resources, and provide an example of a security policy that could be enforced through this process.
A. Use Security Hub to collect and organize evidence of compliance, and then use AWS Config rules to automatically detect and remediate noncompliant resources. Example: A security policy requiring all S3 buckets to have server-side encryption enabled.
B. Use Security Hub to collect and organize evidence of compliance, and then use AWS Lambda functions to automatically detect and remediate noncompliant resources. Example: A security policy requiring all EC2 instances to have a specific set of security groups attached.
C. Use Security Hub to collect and organize evidence of compliance, and then use AWS CloudTrail to automatically detect and remediate noncompliant resources. Example: A security policy requiring all RDS instances to be in a specific VPC.
D. Use Security Hub to collect and organize evidence of compliance, and then use AWS Audit Manager to manually review and remediate noncompliant resources. Example: A security policy requiring all Lambda functions to have a specific set of IAM permissions.