A company utilizing AWS Organizations manages production workloads across multiple AWS accounts. A security engineer is tasked with designing a comprehensive solution to proactively monitor for any suspicious activities within these production accounts. The solution must not only automate the remediation of identified incidents but also ensure that critical security findings trigger notifications via an Amazon Simple Notification Service (Amazon SNS) topic. Additionally, all security incident logs should be centralized in a dedicated logging account. Which of the following solutions meets all these requirements?

Exam-Like

Activate Amazon GuardDuty in each production account, aggregate all GuardDuty logs in a dedicated logging account, and configure GuardDuty to invoke an AWS Lambda function directly for remediation. The Lambda function should also be set up to publish notifications to the SNS topic.

16.7%

Activate AWS Security Hub in each production account, aggregate all Security Hub findings in a dedicated logging account, and use AWS Config and AWS Systems Manager for remediation. Systems Manager should be configured to publish notifications to the SNS topic.

0.0%

Activate Amazon GuardDuty in each production account, aggregate all GuardDuty logs in a dedicated logging account, and use Amazon EventBridge to invoke a custom AWS Lambda function from GuardDuty findings for remediation. The Lambda function should be configured to publish notifications to the SNS topic.

83.3%

Activate AWS Security Hub in each production account, aggregate all Security Hub findings in a dedicated logging account, and use Amazon EventBridge to invoke a custom AWS Lambda function from Security Hub findings for remediation. The Lambda function should be configured to publish notifications to the SNS topic.

0.0%

AWS Certified Security - Specialty

Get started today

Comments