AWS Certified Security - Specialty
Get started today
Ultimate access to all questions.
Comments
Loading comments...
Ultimate access to all questions.
A company manages a multi-account AWS environment within a single region using AWS Organizations. The management account is named management-01, and AWS Config is enabled across all accounts. The security-01 account is designated as the delegated administrator for AWS Config. Each account reports its compliance status to the security-01 account via an AWS Config aggregator. Account administrators can configure and manage their own AWS Config rules to meet unique compliance needs. A security engineer must implement a solution to automatically deploy a set of 10 AWS Config rules to all existing and future accounts in the organization, ensuring AWS Config is activated during account creation. Which two steps will fulfill these requirements?
A
Create an AWS CloudFormation template that contains the 10 required AWS Config rules. Deploy the template by using CloudFormation StackSets in the security-01 account.
B
Create a conformance pack that contains the 10 required AWS Config rules. Deploy the conformance pack from the security-01 account.
C
Create a conformance pack that contains the 10 required AWS Config rules. Deploy the conformance pack from the management-01 account.
D
Create an AWS CloudFormation template that will activate AWS Config. Deploy the template by using CloudFormation StackSets in the security-01 account.
E
Create an AWS CloudFormation template that will activate AWS Config. Deploy the template by using CloudFormation StackSets in the management-01 account.