Answer-first summary for fast verification
Answer: Create an Audit Manager assessment, define the scope and controls, and then use AWS Security Hub to automatically collect evidence. Example: A security policy requiring all S3 buckets to have server-side encryption enabled.
The most comprehensive and automated approach is to use Audit Manager in conjunction with AWS Security Hub. Audit Manager can be used to create an assessment, define the scope and controls, while Security Hub can automatically collect evidence of compliance. The example provided demonstrates a specific security policy that could be assessed using this tool, such as requiring all S3 buckets to have server-side encryption enabled.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
You have been asked to use AWS Audit Manager to collect and organize evidence of compliance with a specific security policy. Describe the steps you would take to set up and use Audit Manager for this purpose, and provide an example of a security policy that could be assessed using this tool.
A
Create an Audit Manager assessment, define the scope and controls, and then use AWS Config rules to automatically collect evidence. Example: A security policy requiring all EC2 instances to have disk encryption enabled.
B
Create an Audit Manager assessment, define the scope and controls, and then manually review AWS resources to collect evidence. Example: A security policy requiring all RDS instances to be in a specific VPC.
C
Create an Audit Manager assessment, define the scope and controls, and then use AWS Security Hub to automatically collect evidence. Example: A security policy requiring all S3 buckets to have server-side encryption enabled.
D
Create an Audit Manager assessment, define the scope and controls, and then use AWS CloudTrail to automatically collect evidence. Example: A security policy requiring all Lambda functions to have a specific set of IAM permissions.
No comments yet.