🔥 3-day streak
AWS Certified Security - Specialty137 / 157
Question 137 of 157

A security engineer wants a managed way to continuously detect resource misconfigurations across an AWS account, such as public S3 buckets, unrestricted security groups, and IAM users without MFA. The engineer wants automated checks that map to well-known security best practices and produce findings that indicate PASSED or FAILED status per control, without having to author individual detection rules. Which approach meets these requirements with the least operational effort?

Reviewed for accuracy · Report an issueNext question