A security engineer has enabled AWS Security Hub in their AWS account, and has enabled the Center for Internet Security (CIS) AWS Foundations compliance standard. No evaluation results on compliance are returned in the Security Hub console after several hours. The engineer wants to ensure that Security Hub can evaluate their resources for CIS AWS Foundations compliance. Which steps should the security engineer take to meet these requirements?
A) Add full Amazon Inspector IAM permissions to the Security Hub service role to allow it to perform the CIS compliance evaluation.
B) Ensure that AWS Trusted Advisor is enabled in the account, and that the Security Hub service role has permissions to retrieve the Trusted Advisor security-related recommended actions.
C) Ensure that AWS Config is enabled in the account, and that the required AWS Config rules have been created for the CIS compliance evaluation.
D) Ensure that the correct trail in AWS CloudTrail has been configured for monitoring by Security Hub, and that the Security Hub service role has permissions to perform the GetObject operation on CloudTrail's Amazon S3 bucket.
Correct Answer:
Verified
Q253: A company has developed a new Amazon
Q254: An audit determined that a company's Amazon
Q255: A company has two AWS accounts: Account
Q256: A security engineer has been tasked with
Q257: A company's development team is designing an
Q259: A company is storing data in Amazon
Q260: A company hosts an application on Amazon
Q261: A Security Engineer has launched multiple Amazon
Q262: A Security Engineer is troubleshooting a connectivity
Q263: A company is developing a mobile shopping
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents