
Answer-first summary for fast verification
Answer: In the organization’s management account, set up Amazon GuardDuty to automatically add new AWS accounts by sending invitations to both existing and future accounts. Develop an AWS CloudFormation stack set that accepts the GuardDuty invitation and establishes an Amazon EventBridge rule. This rule should be configured with an event pattern to detect GuardDuty events and relay them to the SNS topic. Deploy the CloudFormation stack set across all AWS accounts in the organization.
Option B is the correct solution. This approach ensures that all current and future AWS accounts in the organization are monitored by Amazon GuardDuty without manual intervention. By using AWS CloudFormation stack sets, the solution automates the process of accepting GuardDuty invitations and setting up EventBridge rules to forward detected security events to an SNS topic. This aligns with AWS best practices by leveraging automation and centralized management for better scalability and security coverage.
Author: LeetQuiz Editorial Team
A company operates applications across multiple AWS accounts within an AWS Organizations setup, utilizing Amazon EC2 instances and Amazon S3 storage. The company aims to proactively detect security incidents such as compromised EC2 instances, suspicious network traffic, and anomalous API usage across all its AWS accounts, including those yet to be created. Upon detection of such incidents, the company plans to notify its operational support team via an existing Amazon Simple Notification Service (Amazon SNS) topic for immediate investigation and mitigation. Which AWS-recommended solution should the company implement to achieve this goal?
A. In the organization’s management account, designate an AWS account as the Amazon GuardDuty administrator account. Within this GuardDuty administrator account, include the company’s existing AWS accounts as GuardDuty members. Subsequently, in the GuardDuty administrator account, establish an Amazon EventBridge rule configured with an event pattern to detect GuardDuty events and forward them to the designated SNS topic.
B. In the organization’s management account, set up Amazon GuardDuty to automatically add new AWS accounts by sending invitations to both existing and future accounts. Develop an AWS CloudFormation stack set that accepts the GuardDuty invitation and establishes an Amazon EventBridge rule. This rule should be configured with an event pattern to detect GuardDuty events and relay them to the SNS topic. Deploy the CloudFormation stack set across all AWS accounts in the organization.
C. In the organization’s management account, initiate an AWS CloudTrail organization trail. Enable this trail across all AWS accounts in the organization. Implement a Service Control Policy (SCP) to activate VPC Flow Logs for each account in the organization. Set up AWS Security Hub for the organization. Create an Amazon EventBridge rule with an event pattern to detect Security Hub events and forward them to the SNS topic.
D. In the organization’s management account, assign an AWS account as the AWS CloudTrail administrator account. Within this CloudTrail administrator account, create an organization trail. Incorporate the company’s existing AWS accounts into this organization trail. Enact an SCP to enable VPC Flow Logs for each account in the organization. Configure AWS Security Hub for the organization. Establish an Amazon EventBridge rule with an event pattern to detect Security Hub events and forward them to the SNS topic.