AWS Compliance and Security Automation | Continuous Checks and Configurations

Automating Continuous Security Checks and Configurations with AWS Offerings

Question

The compliance team has mandated strict adherence to PCI DSS standards and Center for Internet Security (CIS) AWS Foundations Benchmark best practices.

To ensure compliance, it is decided that any deviations from the standards and best practices should be highlighted along with the recommended resolution steps. Which of the AWS offerings can help automate continuous, account/resource level security-related checks and configurations using standards and best practices?

Answers

Explanations

A. Amazon Macie
B. AWS Security Hub
C. Amazon GuardDuty
D. AWS Firewall Manager

Answer: B.

Option A is INCORRECT.

Amazon Macie is a fully managed service from AWS that provides data security and privacy by utilizing Amazon's machine learning and pattern matching capabilities.

Option B is CORRECT.

AWS Security Hub provides a consolidated view of security status across AWS accounts and raises security alerts.

Security Hub identifies deviations from the enabled standards and best practices and suggests recommended resolution steps for each failed check.

Option C is INCORRECT.

Amazon GuardDuty performs continuous monitoring to protect AWS accounts, S3 data and workloads from malicious or unauthorized activity.

Option D is INCORRECT.

AWS Firewall Manager enables management and configuration of firewalls across AWS accounts and applications centrally.

Reference:

https://aws.amazon.com/macie/
https://aws.amazon.com/security-hub/features/
https://aws.amazon.com/guardduty/
https://aws.amazon.com/firewall-manager/

The answer to this question is B. AWS Security Hub.

AWS Security Hub is a service that provides a comprehensive view of security alerts and compliance status across an AWS account. It continuously monitors and assesses the security of AWS resources and provides detailed security findings and recommendations based on industry standards and best practices, including PCI DSS and CIS AWS Foundations Benchmark.

AWS Security Hub automates security checks and configurations using security and compliance standards, including the ones mandated by the compliance team. It can aggregate findings from multiple security services, including Amazon GuardDuty, AWS Firewall Manager, and Amazon Macie.

AWS Security Hub provides a centralized dashboard that presents a summary of security alerts and compliance status across multiple AWS accounts. It integrates with AWS CloudFormation and AWS Config to automate remediation of security findings and to maintain continuous compliance.

By using AWS Security Hub, organizations can ensure that they are adhering to the mandated security and compliance standards, including PCI DSS and CIS AWS Foundations Benchmark. They can also automate the identification of security vulnerabilities and the implementation of remediation actions to minimize the risk of security incidents.
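As an added example (not part of the original page, and not AWS's own code), the following Python script shows what "deviations plus recommended resolution steps" look like in practice: it applies a GetFindings-style filter that keeps only active, unresolved findings whose compliance check FAILED, then groups them per standard (CIS, PCI DSS) together with the control id, affected resource, severity and remediation guidance. The findings are constructed sample records in the AWS Security Finding Format (ASFF); the account, resource ids and remediation URLs are placeholders. The `FILTERS` dict is the shape you would pass as `Filters=` to boto3's `securityhub.get_findings`; here it is evaluated locally so the script runs offline.

```python
"""Triage Security Hub compliance findings per standard (added example).

The sample findings below are constructed ASFF records, not real account data.
"""
from collections import defaultdict

# Filter in the AwsSecurityFindingFilters shape accepted by GetFindings:
# keys are ANDed, the clauses under one key are ORed.
FILTERS = {
    "ComplianceStatus": [{"Value": "FAILED", "Comparison": "EQUALS"}],
    "RecordState": [{"Value": "ACTIVE", "Comparison": "EQUALS"}],
    "WorkflowStatus": [
        {"Value": "NEW", "Comparison": "EQUALS"},
        {"Value": "NOTIFIED", "Comparison": "EQUALS"},
    ],
}

CIS = "ruleset/cis-aws-foundations-benchmark/v/1.2.0"
PCI = "standards/pci-dss/v/3.2.1"
SEVERITY_RANK = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3, "INFORMATIONAL": 4}


def _finding(control, standard, status, severity, resource, workflow="NEW",
             record="ACTIVE"):
    """Build a minimal constructed ASFF record (placeholder ids and URLs)."""
    return {
        "Id": f"constructed-{control}-{resource}",
        "Title": f"Constructed title for {control}",
        "Severity": {"Label": severity},
        "Resources": [{"Type": "Placeholder", "Id": resource}],
        "Compliance": {
            "Status": status,
            "SecurityControlId": control,
            "AssociatedStandards": [{"StandardsId": standard}],
        },
        "Remediation": {"Recommendation": {
            "Text": f"Constructed remediation text for {control}.",
            "Url": f"https://example.invalid/remediation/{control}",
        }},
        "RecordState": record,
        "Workflow": {"Status": workflow},
    }


SAMPLE_FINDINGS = [
    _finding("CloudTrail.6", CIS, "FAILED", "CRITICAL", "arn:aws:s3:::example-trail-logs"),
    _finding("IAM.4", PCI, "FAILED", "CRITICAL", "AWS::::Account:111122223333",
             workflow="NOTIFIED"),
    _finding("IAM.4", CIS, "PASSED", "CRITICAL", "AWS::::Account:111122223333"),
    _finding("CloudTrail.6", PCI, "FAILED", "HIGH", "arn:aws:s3:::old-bucket",
             record="ARCHIVED"),          # resource deleted: archived, ignore
    _finding("IAM.4", PCI, "FAILED", "CRITICAL", "AWS::::Account:444455556666",
             workflow="RESOLVED"),        # already handled by an analyst
]


def matches_filters(finding, filters=FILTERS):
    """Evaluate the GetFindings filter locally (EQUALS comparisons only)."""
    actual = {
        "ComplianceStatus": finding.get("Compliance", {}).get("Status"),
        "RecordState": finding.get("RecordState"),
        "WorkflowStatus": finding.get("Workflow", {}).get("Status"),
    }
    for key, clauses in filters.items():
        wanted = {c["Value"] for c in clauses if c["Comparison"] == "EQUALS"}
        if actual.get(key) not in wanted:
            return False
    return True


def standard_of(finding):
    """Standard the check belongs to; fall back to GeneratorId if absent."""
    assoc = finding.get("Compliance", {}).get("AssociatedStandards") or []
    return assoc[0]["StandardsId"] if assoc else finding.get("GeneratorId", "unknown")


def failed_checks(findings, filters=FILTERS):
    """Map standard id -> list of failed checks, most severe first."""
    report = defaultdict(list)
    for f in findings:
        if not matches_filters(f, filters):
            continue
        rec = f.get("Remediation", {}).get("Recommendation", {})
        for res in f.get("Resources", []):
            report[standard_of(f)].append({
                "control": f["Compliance"].get("SecurityControlId", f.get("Title", "?")),
                "resource": res["Id"],
                "severity": f["Severity"]["Label"],
                "remediation": rec.get("Text", ""),
                "url": rec.get("Url", ""),
            })
    for entries in report.values():
        entries.sort(key=lambda e: SEVERITY_RANK.get(e["severity"], 99))
    return dict(report)


def summary_lines(report):
    """Render one line per failed check, grouped by standard."""
    lines = []
    for standard in sorted(report):
        lines.append(f"== {standard}: {len(report[standard])} failed check(s)")
        for e in report[standard]:
            lines.append(f"  [{e['severity']}] {e['control']} on {e['resource']} "
                         f"-> {e['remediation']} ({e['url']})")
    return lines


if __name__ == "__main__":
    print("\n".join(summary_lines(failed_checks(SAMPLE_FINDINGS))))
```

Of the five constructed findings only two survive the filter: the PASSED check, the ARCHIVED record (its resource no longer exists) and the RESOLVED finding are excluded, which is the same noise reduction you get from the console's default "active, unresolved, failed" view. The same `FILTERS` dict works unchanged against a real account because it is already in the `AwsSecurityFindingFilters` shape.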