
A company operates applications across multiple AWS accounts within an AWS Organizations setup, utilizing Amazon EC2 instances and Amazon S3 storage. The company aims to proactively detect security incidents such as compromised EC2 instances, suspicious network traffic, and anomalous API usage across all its AWS accounts, including those yet to be created. Upon detection of such incidents, the company plans to notify its operational support team via an existing Amazon Simple Notification Service (Amazon SNS) topic for immediate investigation and mitigation. Which AWS-recommended solution should the company implement to achieve this goal?
A. In the organization’s management account, designate an AWS account as the Amazon GuardDuty administrator account. Within this GuardDuty administrator account, include the company’s existing AWS accounts as GuardDuty members. Subsequently, in the GuardDuty administrator account, establish an Amazon EventBridge rule configured with an event pattern to detect GuardDuty events and forward them to the designated SNS topic.
B. In the organization’s management account, set up Amazon GuardDuty to automatically add new AWS accounts by sending invitations to both existing and future accounts. Develop an AWS CloudFormation stack set that accepts the GuardDuty invitation and establishes an Amazon EventBridge rule. This rule should be configured with an event pattern to detect GuardDuty events and relay them to the SNS topic. Deploy the CloudFormation stack set across all AWS accounts in the organization.
C. In the organization’s management account, initiate an AWS CloudTrail organization trail. Enable this trail across all AWS accounts in the organization. Implement a Service Control Policy (SCP) to activate VPC Flow Logs for each account in the organization. Set up AWS Security Hub for the organization. Create an Amazon EventBridge rule with an event pattern to detect Security Hub events and forward them to the SNS topic.
D. In the organization’s management account, assign an AWS account as the AWS CloudTrail administrator account. Within this CloudTrail administrator account, create an organization trail. Incorporate the company’s existing AWS accounts into this organization trail. Enact an SCP to enable VPC Flow Logs for each account in the organization. Configure AWS Security Hub for the organization. Establish an Amazon EventBridge rule with an event pattern to detect Security Hub events and forward them to the SNS topic.
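The EventBridge rule that options A and B describe, an event pattern that selects GuardDuty findings with the SNS topic as target, as an added Python example that is not part of the question: it builds the PutRule/PutTargets parameters for a hypothetical topic ARN and checks constructed sample findings against the pattern with a small offline matcher. The severity threshold in the pattern and the matcher itself (which covers only the subset of EventBridge pattern syntax used here) are assumptions of this example, not part of the question.

```python
import json

# Hypothetical SNS topic ARN for the operations team (assumed, not from the question).
OPS_TOPIC_ARN = "arn:aws:sns:us-east-1:111122223333:ops-security-alerts"

# Event pattern: exact-match lists for source/detail-type; the numeric filter keeps severity >= 4 (medium and up).
GUARDDUTY_PATTERN = {
    "source": ["aws.guardduty"],
    "detail-type": ["GuardDuty Finding"],
    "detail": {"severity": [{"numeric": [">=", 4]}]},
}

def rule_definition(topic_arn: str) -> dict:
    """Parameters for events:PutRule / events:PutTargets (built here, not sent)."""
    name = "guardduty-findings-to-sns"
    return {
        "PutRule": {"Name": name, "State": "ENABLED",
                    "EventPattern": json.dumps(GUARDDUTY_PATTERN)},
        "PutTargets": {"Rule": name, "Targets": [{"Id": "ops-sns", "Arn": topic_arn}]},
    }

def matches(pattern: dict, event: dict) -> bool:
    """Offline matcher for the pattern subset above: every pattern key must be present,
    a list holds OR-ed alternatives, and {"numeric": [op, n]} compares a number."""
    for key, allowed in pattern.items():
        if key not in event:
            return False
        value = event[key]
        if isinstance(allowed, dict):  # nested object such as "detail"
            if not (isinstance(value, dict) and matches(allowed, value)):
                return False
            continue
        for alt in allowed:
            if isinstance(alt, dict) and "numeric" in alt:
                op, n = alt["numeric"]
                if isinstance(value, (int, float)) and {
                    ">=": value >= n, ">": value > n, "<=": value <= n,
                    "<": value < n, "=": value == n}[op]:
                    break
            elif value == alt:
                break
        else:
            return False  # no alternative matched this key
    return True

# Constructed sample events in the shape EventBridge delivers GuardDuty findings (severities are made up).
SSH_BRUTE_FORCE = {"source": "aws.guardduty", "detail-type": "GuardDuty Finding",
                   "detail": {"type": "UnauthorizedAccess:EC2/SSHBruteForce", "severity": 5}}
LOW_PORT_PROBE = {"source": "aws.guardduty", "detail-type": "GuardDuty Finding",
                  "detail": {"type": "Recon:EC2/PortProbeUnprotectedPort", "severity": 2}}
```

With the rule created in the GuardDuty administrator account, only findings matching the pattern reach the topic; events from other sources, and GuardDuty findings below the threshold, are dropped by EventBridge before any notification is sent.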