A company establishes an AWS Control Tower landing zone to manage and govern a multi-account AWS environment. The company's security team is tasked with deploying both preventive and detective controls to monitor AWS services across all accounts. To achieve this, the security team requires a centralized view of the security status of all accounts. Which solution best addresses these requirements?

Exam-Like

From the AWS Control Tower management account, utilize AWS CloudFormation StackSets to deploy an AWS Config conformance pack across all accounts within the organization.

37.5%

Activate Amazon Detective for the organization within AWS Organizations and designate a single AWS account as the delegated administrator for Detective.

12.5%

From the AWS Control Tower management account, deploy an AWS CloudFormation stack set with the automatic deployment feature enabled to activate Amazon Detective for the organization.

25.0%

Enable AWS Security Hub for the organization within AWS Organizations and appoint a single AWS account as the delegated administrator for Security Hub.

25.0%

AWS Certified Solutions Architect - Professional

Get started today

Comments