ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Associate SAA-C03 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Associate SAA-C03 exam
Go to Exam

Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 787 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Associate SAA-C03
Question #: 787
Topic #: 1
[All AWS Certified Solutions Architect - Associate SAA-C03 Questions]

A company has an organization in AWS Organizations that has all features enabled. The company requires that all API calls and logins in any existing or new AWS account must be audited. The company needs a managed solution to prevent additional work and to minimize costs. The company also needs to know when any AWS account is not compliant with the AWS Foundational Security Best Practices (FSBP) standard.

Which solution will meet these requirements with the LEAST operational overhead?

  • A. Deploy an AWS Control Tower environment in the Organizations management account. Enable AWS Security Hub and AWS Control Tower Account Factory in the environment.
  • B. Deploy an AWS Control Tower environment in a dedicated Organizations member account. Enable AWS Security Hub and AWS Control Tower Account Factory in the environment.
  • C. Use AWS Managed Services (AMS) Accelerate to build a multi-account landing zone (MALZ). Submit an RFC to self-service provision Amazon GuardDuty in the MALZ.
  • D. Use AWS Managed Services (AMS) Accelerate to build a multi-account landing zone (MALZ). Submit an RFC to self-service provision AWS Security Hub in the MALZ.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by Andy_09 at Feb. 6, 2024, 8:11 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
FlyingHawk
4 days, 2 hours ago
Selected Answer: A
This question was in my today's exam.
upvoted 1 times
...
LeonSauveterre
1 month, 2 weeks ago
Selected Answer: A
A - Control Tower enforces centralized logging, monitoring, and account management. Security Hub monitors compliance with AWS Foundational Security Best Practices (FSBP). Account Factory simplifies the creation of new accounts with preconfigured settings. B - Control Tower is intended to be deployed in the management account, not a member account, which deviates from AWS-recommended practices. C - GuardDuty focuses on security threats rather than compliance monitoring for FSBP. D - AMS Accelerate is more suitable for enterprises with highly complex requirements. Also, more operational overheads and cost more, but the question wants "to prevent additional work and to minimize costs".
upvoted 1 times
...
LuongTo
3 months, 1 week ago
Why not B?
upvoted 1 times
...
Kezuko
10 months, 3 weeks ago
Selected Answer: A
https://docs.aws.amazon.com/controltower/latest/userguide/security-hub-controls.html
upvoted 4 times
...
Ipergorta
10 months, 3 weeks ago
Option D
upvoted 1 times
...
asdfcdsxdfc
11 months, 1 week ago
Selected Answer: A
A is correct
upvoted 2 times
...
kempes
1 year ago
Selected Answer: A
Option A
upvoted 4 times
...
Andy_09
1 year ago
Option A
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago