
AWS Certified DevOps Engineer - Professional
A company operates applications across multiple AWS accounts within an AWS Organizations setup, utilizing Amazon EC2 instances and Amazon S3 storage. The company aims to proactively detect security incidents such as compromised EC2 instances, suspicious network traffic, and anomalous API usage across all its AWS accounts, including those yet to be created. Upon detection of such incidents, the company plans to notify its operational support team via an existing Amazon Simple Notification Service (Amazon SNS) topic for immediate investigation and mitigation. Which AWS-recommended solution should the company implement to achieve this goal?
Explanation:
Option B is the correct solution. This approach ensures that all current and future AWS accounts in the organization are monitored by Amazon GuardDuty without manual intervention. By using AWS CloudFormation stack sets, the solution automates the process of accepting GuardDuty invitations and setting up EventBridge rules to forward detected security events to an SNS topic. This aligns with AWS best practices by leveraging automation and centralized management for better scalability and security coverage.