Q33 — AWS SCS-C02 Ch.1
A company that operates in a hybrid cloud environment must meet strict compliance requirements. The company wants to create a report that includes evidence from on-premises workloads alongside evidence from AWS resources. A security engineer must implement a solution to collect, review, and manage the evidence to demonstrate compliance with company policy. Which solution will meet these requirements?
- A. Create an assessment in AWS Audit Manager from a prebuilt framework or a custom framework. Upload manual evidence from the on-premises workloads. Add the evidence to the assessment. Generate an assessment report after Audit Manager collects the necessary evidence from the AWS resources. ✓
- B. Install the Amazon CloudWatch agent on the on-premises workloads. Use AWS Config to deploy a conformance pack from a sample conformance pack template or a custom YAML template. Generate an assessment report after AWS Config identifies noncompliant workloads and resources.
- C. Set up the appropriate security standard in AWS Security Hub. Upload manual evidence from the on-premises workloads. Wait for Security Hub to collect the evidence from the AWS resources. Download the list of controls as a .csv file.
- D. Install the Amazon CloudWatch agent on the on-premises workloads. Create a CloudWatch dashboard to monitor the on-premises workloads and the AWS resources. Run a query on the workloads and resources. Download the results.
Correct Answer: A. Create an assessment in AWS Audit Manager from a prebuilt framework or a custom framework. Upload manual evidence from the on-premises workloads. Add the evidence to the assessment. Generate an assessment report after Audit Manager collects the necessary evidence from the AWS resources.
Explanation
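AWS Audit Manager is designed to simplify compliance assessments. It collects evidence from AWS resources automatically and brings in evidence from on-premises workloads through manual upload. Its prebuilt or custom frameworks can directly produce a consolidated report that meets the requirements. Among the other options, B relies on AWS Config, which mainly handles resource configuration compliance rather than evidence consolidation; C uses Security Hub, which focuses on aggregating security posture rather than structured reporting; and D uses CloudWatch, which focuses on monitoring metrics rather than managing compliance evidence. The official AWS documentation states that Audit Manager is suited to evidence collection and report generation in hybrid environments.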