Amazon Exam SAP-C02 Topic 6 Question 42 Discussion

Actual exam question for Amazon's SAP-C02 exam
Question #: 42
Topic #: 6

A company creates an AWS Control Tower landing zone to manage and govern a multi-account AWS environment. The company's security team will deploy preventive controls and detective controls to monitor AWS services across all the accounts. The security team needs a centralized view of the security state of all the accounts.

Which solution will meet these requirements?

Suggested Answer: D

Enable AWS Security Hub:

Navigate to the AWS Security Hub console in your management account and enable Security Hub. This process integrates Security Hub with AWS Control Tower, allowing you to manage and monitor security findings across all accounts within your organization.

Designate a Delegated Administrator:

In AWS Organizations, designate one of the AWS accounts as the delegated administrator for Security Hub. This account will have the responsibility to manage and oversee the security posture of all accounts within the organization.

Deploy Controls Across Accounts:

Use AWS Security Hub to automatically enable security controls across all AWS accounts in the organization. This provides a centralized view of the security state of all accounts and ensures continuous monitoring and compliance.

Utilize AWS Security Hub Features:

Leverage the capabilities of Security Hub to aggregate security alerts, run continuous security checks, and generate findings based on the AWS Foundational Security Best Practices. Security Hub integrates with other AWS services like AWS Config, Amazon GuardDuty, and AWS IAM Access Analyzer to enhance security monitoring and remediation.

By integrating AWS Security Hub with AWS Control Tower and using a delegated administrator account, you can achieve a centralized and comprehensive view of your organization's security posture, facilitating effective management and remediation of security issues.

Reference

AWS Security Hub now integrates with AWS Control Tower

AWS Control Tower and Security Hub Integration

AWS Security Hub Features
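
The setup described in this answer, written as AWS CLI calls; this is an added example, not part of the original page. The account ID, CLI profile names and Region are constructed placeholders, and the script only prints the commands unless `DRY_RUN=0` is set.

```shell
#!/bin/sh
# Added example: organization-wide Security Hub with a delegated administrator.
# The account ID, CLI profile names and Region below are constructed placeholders.
ADMIN_ACCOUNT_ID="${ADMIN_ACCOUNT_ID:-111122223333}"  # placeholder delegated admin account
MGMT_PROFILE="${MGMT_PROFILE:-org-management}"        # hypothetical profile: management account
ADMIN_PROFILE="${ADMIN_PROFILE:-security-admin}"      # hypothetical profile: delegated admin
HOME_REGION="${HOME_REGION:-us-east-1}"               # assumed aggregation Region
DRY_RUN="${DRY_RUN:-1}"                               # 1 = print commands, 0 = execute

# Print the command in dry-run mode, otherwise execute it.
run() {
  if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# AWS account IDs are exactly 12 decimal digits.
valid_account_id() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "${#1}" -eq 12 ]
}

setup_securityhub_org() {
  if ! valid_account_id "$ADMIN_ACCOUNT_ID"; then
    echo "invalid account id: $ADMIN_ACCOUNT_ID" >&2
    return 2
  fi
  # 1. From the management account: designate the delegated administrator.
  run aws securityhub enable-organization-admin-account \
    --admin-account-id "$ADMIN_ACCOUNT_ID" \
    --profile "$MGMT_PROFILE" --region "$HOME_REGION" || return 1
  # 2. From the delegated admin: enable Security Hub automatically in
  #    accounts as they join the organization.
  run aws securityhub update-organization-configuration --auto-enable \
    --profile "$ADMIN_PROFILE" --region "$HOME_REGION" || return 1
  # 3. From the delegated admin: aggregate findings from all Regions
  #    into HOME_REGION so there is one place to look.
  run aws securityhub create-finding-aggregator \
    --region-linking-mode ALL_REGIONS \
    --profile "$ADMIN_PROFILE" --region "$HOME_REGION" || return 1
  # 4. Check the result: member accounts visible to the administrator.
  run aws securityhub list-members \
    --profile "$ADMIN_PROFILE" --region "$HOME_REGION"
}

setup_securityhub_org
```

Step 2 only covers accounts that join later; accounts already in the organization still have to be added as members from the delegated administrator account.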


Contribute your Thoughts:

Eulah
27 days ago
Aw man, these options are like a game of 'Guess the Security Tool.' I just want to go home and play some 'AWS Tycoon' instead.
upvoted 0 times
...
Martina
30 days ago
Option B for the win! Enabling Detective is like hiring a private eye to keep an eye on our AWS accounts. Gotta love those detective skills!
upvoted 0 times
Deandrea
18 days ago
Option B sounds like a great choice. Detective skills for our AWS accounts, I like it!
upvoted 0 times
...
...
Mariann
1 months ago
Why do you think option D is better?
upvoted 0 times
...
Werner
1 months ago
I disagree, I believe option D is the most suitable solution.
upvoted 0 times
...
Anastacia
1 months ago
I don't know, Option A with the Config conformance pack sounds a bit complicated. Why go through all that when we can just use Detective or Security Hub?
upvoted 0 times
Bettye
2 days ago
True, but the Config conformance pack can help ensure all accounts are compliant with security policies.
upvoted 0 times
...
Werner
8 days ago
But enabling Amazon Detective or AWS Security Hub is simpler and more straightforward.
upvoted 0 times
...
Chaya
15 days ago
True, it depends on the specific needs and preferences of the company's security team.
upvoted 0 times
...
Florencia
17 days ago
But enabling Amazon Detective or AWS Security Hub would be simpler and more straightforward for the security team.
upvoted 0 times
...
Tegan
23 days ago
Option A with the Config conformance pack provides more control and customization for preventive and detective controls.
upvoted 0 times
...
Fallon
1 months ago
Option A with the Config conformance pack is more thorough and can provide a centralized view of security state.
upvoted 0 times
...
...
Louvenia
2 months ago
Hmm, Option C seems interesting. Deploying a CloudFormation stack set to automatically enable Detective across the organization could be a neat way to do this.
upvoted 0 times
...
Judy
2 months ago
I'm leaning towards Option D. Enabling Security Hub and setting up a delegated admin account could give us the centralized security view we need.
upvoted 0 times
Cordelia
1 months ago
True, Option A could work too. It really depends on the specific needs and preferences of the security team.
upvoted 0 times
...
Gail
1 months ago
But what about Option A? Using CloudFormation StackSets for AWS Config conformance pack deployment could also be effective.
upvoted 0 times
...
Haley
1 months ago
I agree, having a delegated admin account for Security Hub could make management easier.
upvoted 0 times
...
Andree
1 months ago
Option D sounds like a good choice. Security Hub can provide that centralized view we need.
upvoted 0 times
...
...
Mariann
2 months ago
I think option A is the best choice.
upvoted 0 times
...
Casey
2 months ago
Option B looks like the way to go. Enabling Detective and designating a delegated admin account seems like the most straightforward solution.
upvoted 0 times
Lezlie
1 months ago
Yeah, I think enabling Amazon Detective and designating a delegated admin account is the most efficient way to monitor the security state of all the accounts.
upvoted 0 times
...
Joaquin
1 months ago
I agree, option B seems like the best choice. Having a designated admin for Detective makes it easier to manage.
upvoted 0 times
...
...
