🔥 3-day streak
AWS Certified Security - Specialty15 / 157
Question 15 of 157

A financial services company must produce audit-ready evidence for a SOC 2 examination across 40 AWS accounts in an organization. The security team already uses AWS Config with organization conformance packs to continuously evaluate resource compliance. Auditors now require a consolidated package that maps collected evidence to specific SOC 2 control requirements, automatically gathers supporting data (Config rule results, CloudTrail activity, and resource configurations), and can be exported as an assessment report for the examiners. Which approach best meets this requirement with the least custom development?

Reviewed for accuracy · Report an issueNext question