Answer-first summary for fast verification
Answer: Enable AWS Security Hub for the organization within AWS Organizations and appoint a single AWS account as the delegated administrator for Security Hub.
The correct answer is D. AWS Security Hub provides a comprehensive view of your security state within AWS and helps you check your compliance with the security best practices and industry standards. By enabling AWS Security Hub for the organization in AWS Organizations and designating one AWS account as the delegated administrator, the security team can achieve a centralized view of the security state of all accounts. This centralized approach aligns with the requirement of having a holistic view, making it the most suitable option among the given choices.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
A company establishes an AWS Control Tower landing zone to manage and govern a multi-account AWS environment. The company's security team is tasked with deploying both preventive and detective controls to monitor AWS services across all accounts. To achieve this, the security team requires a centralized view of the security status of all accounts. Which solution best addresses these requirements?
A
From the AWS Control Tower management account, utilize AWS CloudFormation StackSets to deploy an AWS Config conformance pack across all accounts within the organization.
B
Activate Amazon Detective for the organization within AWS Organizations and designate a single AWS account as the delegated administrator for Detective.
C
From the AWS Control Tower management account, deploy an AWS CloudFormation stack set with the automatic deployment feature enabled to activate Amazon Detective for the organization.
D
Enable AWS Security Hub for the organization within AWS Organizations and appoint a single AWS account as the delegated administrator for Security Hub.
No comments yet.