ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Security - Specialty SCS-C02 All Questions

View all questions & answers for the AWS Certified Security - Specialty SCS-C02 exam
Go to Exam

Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 186 discussion

Exam question from Amazon's AWS Certified Security - Specialty SCS-C02
Question #: 186
Topic #: 1
[All AWS Certified Security - Specialty SCS-C02 Questions]

A company used AWS Organizations to set up an environment with multiple AWS accounts. The company's organization currently has two AWS accounts, and the company expects to add more than 50 AWS accounts during the next 12 months. The company will require all existing and future AWS accounts to use Amazon GuardDuty. Each existing AWS account has GuardDuty active. The company reviews GuardDuty findings by logging into each AWS account individually.

The company wants a centralized view of the GuardDuty findings for the existing AWS accounts and any future AWS accounts. The company also must ensure that any new AWS account has GuardDuty automatically turned on.

Which solution will meet these requirements?

  • A. Enable AWS Security Hub in the organization's management account. Configure GuardDuty within the management account to send all GuardDuty findings to Security Hub.
  • B. Create a new AWS account in the organization. Enable GuardDuty in the new account. Designate the new account as the delegated administrator account for GuardDuty. Configure GuardDuty to add existing accounts as member accounts. Select the option to automatically add new AWS accounts to the organization.
  • C. Create a new AWS account in the organization. Enable GuardDuty in the new account. Enable AWS Security Hub in each account. Select the option to automatically add new AWS accounts to the organization.
  • D. Enable AWS Security Hub in the organization's management account. Designate the management account as the delegated administrator account for Security Hub. Add existing accounts as member accounts. Select the option to automatically add new AWS accounts to the organization. Send all Security Hub findings to the organization's GuardDuty account.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by VPNalumni at Oct. 12, 2024, 10:45 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Pat9595
2 months, 3 weeks ago
Selected Answer: B
Here’s why this option fits: Centralized Management: By designating a new account as the delegated administrator for GuardDuty, you centralize the view and management of GuardDuty findings across all accounts. This setup is ideal when scaling to many accounts, as it keeps everything organized and easy to manage. Automatic Enrollment: The option to automatically add new AWS accounts ensures that any newly created accounts will have GuardDuty enabled by default, maintaining consistent security posture across the organization. Separation of Duties: Using a dedicated account for security services like GuardDuty keeps things isolated from other management functions, enhancing security and clarity.
upvoted 1 times
...
VPNalumni
6 months, 2 weeks ago
https://docs.aws.amazon.com/securityhub/latest/userguide/designate-orgs-admin-account.html
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago