Topic 1 Question 271
A company has a multi-account strategy that uses an organization in AWS Organizations with all features enabled. The company has enabled trusted access for AWS Account Management. New accounts are provisioned through AWS Control Tower Account Factory.
The company must ensure that all new accounts in the organization become AWS Security Hub member accounts.
Which solution will meet these requirements with the LEAST development effort?
A. Enable Security Hub in the organization’s management account. Create an AWS Step Functions workflow. Create an Amazon EventBridge rule to invoke the workflow when a CreateAccount event occurs.
B. Enable Security Hub in the organization’s management account. Wait for all new accounts to complete automatic onboarding.
C. Enable Security Hub in the organization’s management account. Create an AWS Lambda function to enable Security Hub for new accounts. Invoke the Lambda function by using an AWS Control Tower lifecycle event that occurs when a new account is provisioned.
D. Use the organization’s management account to designate a Security Hub delegated administrator account. In the delegated administrator account, create a configuration policy to enable Security Hub. Associate the configuration policy with the organization root.
Comments (6)
- Option I think is correct: D
It's best practice to designate a delegated security administrator account.
https://docs.aws.amazon.com/securityhub/latest/userguide/designate-orgs-admin-account.html
https://docs.aws.amazon.com/securityhub/latest/userguide/create-associate-policy.html
👍 2k23319 2024/11/25
- Option I think is correct: D
It's not B, because new accounts need to be configured with the appropriate settings with a delegated administrator or create automation to enable Security Hub. This answer is incomplete.
👍 2TareDHakim 2025/01/09
- Option I think is correct: D
D makes the most sense
👍 10adbfdf 2024/11/27