
Amazon Exam SAP-C02 Topic 6 Question 42 Discussion

Actual exam question for Amazon's SAP-C02 exam
Question #: 42
Topic #: 6

A company creates an AWS Control Tower landing zone to manage and govern a multi-account AWS environment. The company's security team will deploy preventive controls and detective controls to monitor AWS services across all the accounts. The security team needs a centralized view of the security state of all the accounts.

Which solution will meet these requirements?

Suggested Answer: D

Enable AWS Security Hub:

Navigate to the AWS Security Hub console in your management account and enable Security Hub. This process integrates Security Hub with AWS Control Tower, allowing you to manage and monitor security findings across all accounts within your organization.

Designate a Delegated Administrator:

In AWS Organizations, designate one of the AWS accounts as the delegated administrator for Security Hub. This account will have the responsibility to manage and oversee the security posture of all accounts within the organization.

Deploy Controls Across Accounts:

Use AWS Security Hub to automatically enable security controls across all AWS accounts in the organization. This provides a centralized view of the security state of all accounts and ensures continuous monitoring and compliance.

Utilize AWS Security Hub Features:

Leverage the capabilities of Security Hub to aggregate security alerts, run continuous security checks, and generate findings based on the AWS Foundational Security Best Practices. Security Hub integrates with other AWS services like AWS Config, Amazon GuardDuty, and AWS IAM Access Analyzer to enhance security monitoring and remediation.

By integrating AWS Security Hub with AWS Control Tower and using a delegated administrator account, you can achieve a centralized and comprehensive view of your organization's security posture, facilitating effective management and remediation of security issues.
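Once the delegated administrator is in place, the centralized view is only as complete as the set of member accounts behind it. The following is an added example, not part of the original answer: it checks from the delegated administrator account that every active organization account has an enabled Security Hub membership and reports whether new accounts are enabled automatically. The account IDs are constructed sample values, and the `--live` switch and function names are hypothetical.

```python
"""Added example: audit Security Hub coverage across an AWS organization."""


def coverage_gaps(org_accounts, members, admin_id):
    """Return IDs of ACTIVE organization accounts without an enabled membership.

    org_accounts: dicts shaped like organizations.list_accounts() entries.
    members:      dicts shaped like securityhub.list_members() entries.
    admin_id:     delegated administrator account; it is not its own member.
    """
    enabled = {m["AccountId"] for m in members if m.get("MemberStatus") == "Enabled"}
    enabled.add(admin_id)
    return sorted(a["Id"] for a in org_accounts
                  if a["Status"] == "ACTIVE" and a["Id"] not in enabled)


def audit(session):
    """Collect live data with boto3 (assumes delegated-administrator credentials)."""
    org = session.client("organizations")
    hub = session.client("securityhub")
    admin_id = session.client("sts").get_caller_identity()["Account"]
    accounts = [a for page in org.get_paginator("list_accounts").paginate()
                for a in page["Accounts"]]
    members = [m for page in
               hub.get_paginator("list_members").paginate(OnlyAssociated=True)
               for m in page["Members"]]
    # AutoEnable tells whether accounts that join the organization later are covered.
    auto_enable = hub.describe_organization_configuration()["AutoEnable"]
    return {"auto_enable_new_accounts": auto_enable,
            "uncovered": coverage_gaps(accounts, members, admin_id)}


# Constructed sample data (not real account IDs).
SAMPLE_ADMIN = "111111111111"
SAMPLE_ACCOUNTS = [
    {"Id": "111111111111", "Status": "ACTIVE"},     # delegated administrator
    {"Id": "222222222222", "Status": "ACTIVE"},     # enabled member
    {"Id": "333333333333", "Status": "ACTIVE"},     # member record, not enabled
    {"Id": "444444444444", "Status": "SUSPENDED"},  # suspended, ignored
    {"Id": "555555555555", "Status": "ACTIVE"},     # never added as a member
]
SAMPLE_MEMBERS = [{"AccountId": "222222222222", "MemberStatus": "Enabled"},
                  {"AccountId": "333333333333", "MemberStatus": "Created"}]

if __name__ == "__main__":
    import sys
    if "--live" in sys.argv:
        import boto3  # imported only for the live run
        print(audit(boto3.Session()))
    else:
        print(coverage_gaps(SAMPLE_ACCOUNTS, SAMPLE_MEMBERS, SAMPLE_ADMIN))
```

An empty `uncovered` list together with `auto_enable_new_accounts` set to true means the delegated administrator sees findings for every active account, including ones that join later.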



Contribute your Thoughts:

Eulah
3 days ago
Aw man, these options are like a game of 'Guess the Security Tool.' I just want to go home and play some 'AWS Tycoon' instead.
upvoted 0 times
...
Martina
6 days ago
Option B for the win! Enabling Detective is like hiring a private eye to keep an eye on our AWS accounts. Gotta love those detective skills!
upvoted 0 times
...
Mariann
11 days ago
Why do you think option D is better?
upvoted 0 times
...
Werner
13 days ago
I disagree, I believe option D is the most suitable solution.
upvoted 0 times
...
Anastacia
13 days ago
I don't know, Option A with the Config conformance pack sounds a bit complicated. Why go through all that when we can just use Detective or Security Hub?
upvoted 0 times
Fallon
8 days ago
Option A with the Config conformance pack is more thorough and can provide a centralized view of security state.
upvoted 0 times
...
...
Louvenia
1 month ago
Hmm, Option C seems interesting. Deploying a CloudFormation stack set to automatically enable Detective across the organization could be a neat way to do this.
upvoted 0 times
...
Judy
1 month ago
I'm leaning towards Option D. Enabling Security Hub and setting up a delegated admin account could give us the centralized security view we need.
upvoted 0 times
Cordelia
7 days ago
True, Option A could work too. It really depends on the specific needs and preferences of the security team.
upvoted 0 times
...
Gail
8 days ago
But what about Option A? Using CloudFormation StackSets for AWS Config conformance pack deployment could also be effective.
upvoted 0 times
...
Haley
14 days ago
I agree, having a delegated admin account for Security Hub could make management easier.
upvoted 0 times
...
Andree
20 days ago
Option D sounds like a good choice. Security Hub can provide that centralized view we need.
upvoted 0 times
...
...
Mariann
1 month ago
I think option A is the best choice.
upvoted 0 times
...
Casey
1 month ago
Option B looks like the way to go. Enabling Detective and designating a delegated admin account seems like the most straightforward solution.
upvoted 0 times
Lezlie
13 days ago
Yeah, I think enabling Amazon Detective and designating a delegated admin account is the most efficient way to monitor the security state of all the accounts.
upvoted 0 times
...
Joaquin
20 days ago
I agree, option B seems like the best choice. Having a designated admin for Detective makes it easier to manage.
upvoted 0 times
...
...
