Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 271 discussion

How Option D Works: 1. Designate a Delegated Administrator Account • In the AWS Organizations management account, set a Security Hub delegated administrator account (e.g., a security account). • This centralizes management of Security Hub across all accounts. 2. Create a Security Hub Configuration Policy in the Delegated Administrator Account • Security Hub provides configuration policies that automatically enable Security Hub for all existing and future accounts in the organization. 3. Associate the Policy with the Organization Root • This ensures that every new AWS account automatically joins Security Hub without requiring any manual intervention or custom automation.

Answer B AWS Security Hub offers an automatic onboarding feature when it is enabled in the organization’s management account. New accounts created under AWS Organizations can automatically be onboarded into Security Hub, so they become member accounts as long as the management account has Security Hub enabled and the accounts are part of the same organization. No extra configuration or development is needed.

it not B. because new accounts need to be configured the appropriate settings with a delegated administrator or create automation to enable Security Hub. This answer is incomplete.

New accounts are automatically enrolled as member accounts

When Security Hub is enabled in the organization's management account, new accounts are automatically enrolled as member accounts. This approach minimizes the need for additional configuration or custom development, ensuring that all new accounts are seamlessly integrated into Security Hub.

D makes the most sense

It's best practice to designate a delegated security administrator account. https://docs.aws.amazon.com/securityhub/latest/userguide/designate-orgs-admin-account.html https://docs.aws.amazon.com/securityhub/latest/userguide/create-associate-policy.html