Requirements and Correct Selections
Automatically collect evidence from AWS CloudTrail, AWS Config, and AWS Security Hub for an assessment report.
Correct Answer:
AWS Audit Manager controls
Why:
AWS Audit Manager is specifically designed toautomatically collect, map, and organize evidencefrom AWS services such as CloudTrail, AWS Config, and AWS Security Hub. Audit Manager controls are used within audit frameworks to continuously gather evidence and generate assessment reports for compliance audits.
Determine which IAM principals within the AWS account have access to a specified resource.
Correct Answer:
AWS Identity and Access Management Access Analyzer internal access analyzers
Why:
IAM Access Analyzer internal access analyzers are used toidentify which IAM users, roles, or services within an account or organization have access to a specific resource. This is a core access visibility and audit requirement for IAM reviews.
Download AWS security and compliance documents on demand.
Correct Answer:
AWS Artifact reports
Why:
AWS Artifact provideson-demand access to AWS security, compliance, and audit reports, including SOC reports, ISO certifications, and compliance attestations. This service is explicitly intended for audit preparation and regulatory documentation.