🔥 3-day streak
AWS Certified Security - Specialty16 / 157
Question 16 of 157

A financial services company must produce quarterly evidence packages mapped to the PCI DSS control framework for external auditors. The security team already uses AWS Config rules across all accounts in an AWS Organizations setup. Auditors require a repeatable, framework-organized collection of evidence (configuration snapshots, compliance check results, and CloudTrail activity) that maps individual controls to the underlying AWS resource data, with the ability to delegate manual attestation for controls that AWS services cannot automatically assess. Which approach best meets these requirements with the least custom development?

Reviewed for accuracy · Report an issueNext question