ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Security - Specialty All Questions

View all questions & answers for the AWS Certified Security - Specialty exam
Go to Exam

Exam AWS Certified Security - Specialty topic 1 question 263 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 263
Topic #: 1
[All AWS Certified Security - Specialty Questions]

A security engineer has enabled AWS Security Hub in their AWS account, and has enabled the Center for Internet Security (CIS) AWS Foundations compliance standard. No evaluation results on compliance are returned in the Security Hub console after several hours. The engineer wants to ensure that Security Hub can evaluate their resources for CIS AWS Foundations compliance.
Which steps should the security engineer take to meet these requirements?

  • A. Add full Amazon Inspector IAM permissions to the Security Hub service role to allow it to perform the CIS compliance evaluation.
  • B. Ensure that AWS Trusted Advisor is enabled in the account, and that the Security Hub service role has permissions to retrieve the Trusted Advisor security- related recommended actions.
  • C. Ensure that AWS Config is enabled in the account, and that the required AWS Config rules have been created for the CIS compliance evaluation.
  • D. Ensure that the correct trail in AWS CloudTrail has been configured for monitoring by Security Hub, and that the Security Hub service role has permissions to perform the GetObject operation on CloudTrail's Amazon S3 bucket.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by AWee at Aug. 28, 2021, 7:35 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
kiev
Highly Voted 3 years, 9 months ago
C as well for me and thanks for the link.
upvoted 11 times
...
Raphaello
Most Recent 1 year, 4 months ago
Selected Answer: C
Security Hub requires AWS Config to be enabled to do checks. C is the correct answer.
upvoted 1 times
...
ITGURU51
2 years, 2 months ago
As per AWS: AWS Security Hub generates control findings by performing security checks against controls. Some controls use AWS Config rules and have associated AWS Config resources. For Security Hub to accurately report findings for controls that have a change triggered schedule type, you must enable recording for the following resources in AWS Config. C
upvoted 1 times
...
Chiquitabandita
2 years, 5 months ago
why are most of the answers provided by examtopics given as the correct answer and even supply a link sometimes but are usually wrong? And can one of their editors give a new version with the correct answers? And in your experience is this common on the other tests from the different vendors, like the Splunk tests?
upvoted 2 times
...
Jayant5
2 years, 11 months ago
c is correct
upvoted 1 times
...
dcasabona
2 years, 11 months ago
Selected Answer: C
C for sure.
upvoted 1 times
...
sapien45
2 years, 11 months ago
Selected Answer: C
To run security checks for the enabled controls on your environment's resources, Security Hub either runs through the exact audit steps prescribed for the checks in Securing Amazon Web Services or uses specific AWS Config managed rules.
upvoted 2 times
...
TigerInTheCloud
3 years, 2 months ago
Selected Answer: C
https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-cis-config-resources.html
upvoted 2 times
...
mx677
3 years, 4 months ago
Selected Answer: C
Security Hub needs AWS Config for the security checks
upvoted 3 times
...
Radhaghosh
3 years, 5 months ago
Answer is C
upvoted 1 times
...
G_logic44
3 years, 6 months ago
Q: How are AWS Config and AWS Config rules related to AWS Security Hub? AWS Security Hub is a security and compliance service that provides security and compliance posture management, as a service. It uses AWS Config and Config rules as its primary mechanism to evaluate the configuration of AWS resources. AWS Config rules can also be used to evaluate resource configuration directly. They also are used by other AWS services, such AWS Control Tower and AWS Firewall Manager. https://aws.amazon.com/security-hub/faqs/
upvoted 2 times
...
TollaMS
3 years, 9 months ago
D is the answer https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-cis-controls.html
upvoted 3 times
babaseun
3 years, 8 months ago
Please read the first statement on your link, Answer is C
upvoted 4 times
...
...
AWee
3 years, 9 months ago
C Enable AWS Config before enabling Security Hub (Recommended)
upvoted 4 times
santosar
3 years, 9 months ago
Thanks page 482 !! C
upvoted 2 times
Totoroha
3 years, 8 months ago
https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub.pdf this link? page 482? I can't find anything.
upvoted 1 times
1awssec
3 years, 8 months ago
page 543
upvoted 1 times
...
...
...
babaseun
3 years, 9 months ago
https://aws.amazon.com/security-hub/faqs/#:~:text=In%20order%20for%20AWS%20Security%20Hub%20to%20run%20security%20checks%20in%20an%20account%2C%20you%20must%20have%20AWS%20Config%20recorder%20enabled%20in%20that%20account.%20It%20is%20also%20recommended%20that%20you%20first%20enable%20AWS%20Organizations%20to%20simplify%20enabling%20AWS%20Security%20Hub%20across%20your%20organization.
upvoted 3 times
...
[Removed]
3 years, 8 months ago
Security Hub requires that AWS Config is enabled in all accounts that have Security Hub enabled. Security Hub controls use AWS Config rules to complete security checks. https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-setup-prereqs.html
upvoted 3 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel