Topic 1 Question 186

AWS Certified Security - Specialty

Topic 1 Question 186
A company used AWS Organizations to set up an environment with multiple AWS accounts. The company's organization currently has two AWS accounts, and the company expects to add more than 50 AWS accounts during the next 12 months. The company will require all existing and future AWS accounts to use Amazon GuardDuty. Each existing AWS account has GuardDuty active. The company reviews GuardDuty findings by logging into each AWS account individually.

The company wants a centralized view of the GuardDuty findings for the existing AWS accounts and any future AWS accounts. The company also must ensure that any new AWS account has GuardDuty automatically turned on.

Which solution will meet these requirements?
- Enable AWS Security Hub in the organization's management account. Configure GuardDuty within the management account to send all GuardDuty findings to Security Hub.
- Create a new AWS account in the organization. Enable GuardDuty in the new account. Designate the new account as the delegated administrator account for GuardDuty. Configure GuardDuty to add existing accounts as member accounts. Select the option to automatically add new AWS accounts to the organization.
- Create a new AWS account in the organization. Enable GuardDuty in the new account. Enable AWS Security Hub in each account. Select the option to automatically add new AWS accounts to the organization.
- Enable AWS Security Hub in the organization's management account. Designate the management account as the delegated administrator account for Security Hub. Add existing accounts as member accounts. Select the option to automatically add new AWS accounts to the organization. Send all Security Hub findings to the organization's GuardDuty account.
ユーザの投票
コメント(2)
- https://docs.aws.amazon.com/securityhub/latest/userguide/designate-orgs-admin-account.html
  
  👍 1
  VPNalumni2024/10/12
- 正解だと思う選択肢: B
  Here’s why this option fits:
  
  Centralized Management: By designating a new account as the delegated administrator for GuardDuty, you centralize the view and management of GuardDuty findings across all accounts. This setup is ideal when scaling to many accounts, as it keeps everything organized and easy to manage. Automatic Enrollment: The option to automatically add new AWS accounts ensures that any newly created accounts will have GuardDuty enabled by default, maintaining consistent security posture across the organization. Separation of Duties: Using a dedicated account for security services like GuardDuty keeps things isolated from other management functions, enhancing security and clarity.
  
  👍 1
  Pat95952025/01/31
シャッフルモード

ユーザの投票

コメント(2)