AWS Security Hub provides a centralized view of security findings across AWS accounts and services. It integrates natively with AWS Config conformance packs, which evaluate compliance against industry standards such as CIS and PCI-DSS.
From AWS Documentation:
“AWS Security Hub aggregates, organizes, and prioritizes security alerts and compliance status across AWS accounts. Use AWS Config conformance packs to assess compliance with security frameworks.”
(Source: AWS Security Hub User Guide – Managing Findings and Compliance)
Why C is correct:
Security Hub provides a centralized dashboard for compliance visibility.
Conformance packs in AWS Config automate compliance checks across accounts.
Fully managed, minimal maintenance, and integrates natively with AWS services.
Why others are incorrect:
A: Conformance packs are not a feature of Amazon Inspector.
B: Third-party tools on EC2 require management and add operational overhead.
D: Systems Manager is not designed for compliance aggregation.
[References:, AWS Security Hub User Guide – “Compliance Standards and Findings”, AWS Config User Guide – “Conformance Packs Overview”, AWS Well-Architected Framework – Security Pillar, , , ]
