A financial services company on AWS designed security controls to meet NIST and PCI DSS standards. Third-party auditors need evidence that the controls are implemented and operating correctly across hundreds of AWS accounts in a single AWS Organizations organization. Which solution provides monitoring of the controls across accounts?
Choose an answer
Tap an option to check your answer.
Correct answer: Designate one account as the AWS Security Hub delegated administrator account from the Organizations management account. In the designated Security Hub administrator account, enable Security Hub for all member accounts. Enable Security Hub standards for NIST and PCI DSS..
Why this is the answer
AWS Security Hub is the correct choice because it is designed to aggregate, organize, and prioritize security findings from various AWS services and partner products across multiple accounts. By designating a delegated administrator account, Security Hub can be enabled across all member accounts in an AWS Organization. It directly supports industry standards like NIST and PCI DSS through its security standards feature, providing a centralized view of compliance status. Amazon Inspector focuses on vulnerability management for EC2 instances and container images, not broad security control monitoring across an organization. Amazon GuardDuty is a threat detection service, not primarily for auditing compliance against standards. AWS CloudTrail records API activity and events, which can be used as input for compliance, but it doesn't inherently provide a consolidated view of compliance against specific standards like Security Hub does.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed