
SCS-C03 · Question #34

SCS-C03 Question #34: Real Exam Question with Answer & Explanation

The correct answer is D: Create an AWS Audit Manager assessment that uses the AWS managed PCI DSS v4.0 standard.

Submitted by kevin_r · Mar 6, 2026

Question

A company uses AWS to run a web application that manages ticket sales in several countries. The company recently migrated the application to an architecture that includes Amazon API Gateway, AWS Lambda, and Amazon Aurora Serverless. The company needs the application to comply with Payment Card Industry Data Security Standard (PCI DSS) v4.0. A security engineer must generate a report that shows the effectiveness of the PCI DSS v4.0 controls that apply to the application. The company's compliance team must be able to add manual evidence to the report. Which solution will meet these requirements?

Options

  • A. Enable AWS Trusted Advisor. Configure all the Trusted Advisor checks. Manually map the
  • B. Enable and configure AWS Config. Deploy the Operational Best Practices for PCI DSS
  • C. Enable AWS Security Hub. Enable the Security Hub PCI DSS security standard. Use the AWS
  • D. Create an AWS Audit Manager assessment that uses the AWS managed PCI DSS v4.0 standard

Explanation

AWS Audit Manager is specifically designed to help organizations continuously audit their AWS usage against compliance frameworks and generate audit-ready reports. According to AWS Certified Security - Specialty documentation, Audit Manager includes AWS managed frameworks for compliance standards, including PCI DSS v4.0. Audit Manager automatically collects evidence from AWS services such as API Gateway, Lambda, RDS, CloudTrail, and Config, and maps the evidence directly to PCI DSS controls. Importantly, Audit Manager allows compliance teams to upload and attach manual evidence, which is a key requirement in this scenario. Option C provides visibility into control status but does not support adding manual evidence. Option B evaluates configuration compliance but does not generate formal compliance reports. Option A requires extensive manual effort and is not aligned with PCI reporting workflows. AWS documentation positions Audit Manager as the authoritative service for compliance reporting and audit evidence management.
