Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 271 discussion

A company has a multi-account strategy that uses an organization in AWS Organizations with all features enabled. The company has enabled trusted access for AWS Account Management. New accounts are provisioned through AWS Control Tower Account Factory.

The company must ensure that all new accounts in the organization become AWS Security Hub member accounts.

Which solution will meet these requirements with the LEAST development effort?

  • A. Enable Security Hub in the organization’s management account. Create an AWS Step Functions workflow. Create an Amazon EventBridge rule to invoke the workflow when a CreateAccount event occurs.
  • B. Enable Security Hub in the organization’s management account. Wait for all new accounts to complete automatic onboarding.
  • C. Enable Security Hub in the organization’s management account. Create an AWS Lambda function to enable Security Hub for new accounts. Invoke the Lambda function by using an AWS Control Tower lifecycle event that occurs when a new account is provisioned.
  • D. Use the organization’s management account to designate a Security Hub delegated administrator account. In the delegated administrator account, create a configuration policy to enable Security Hub. Associate the configuration policy with the organization root.
Suggested Answer: D
Community vote distribution
D (67%)
B (33%)

Comments

woonsi
1 day, 11 hours ago
Selected Answer: D
How Option D Works:
1. Designate a Delegated Administrator Account
   • In the AWS Organizations management account, set a Security Hub delegated administrator account (e.g., a security account).
   • This centralizes management of Security Hub across all accounts.
2. Create a Security Hub Configuration Policy in the Delegated Administrator Account
   • Security Hub provides configuration policies that automatically enable Security Hub for all existing and future accounts in the organization.
3. Associate the Policy with the Organization Root
   • This ensures that every new AWS account automatically joins Security Hub without requiring any manual intervention or custom automation.
upvoted 1 times
...
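The three steps in the comment above, written out as Security Hub API calls. This is an added example, not part of the original discussion or AWS's own code; the profile names, account ID and policy name are placeholders, and it assumes Security Hub and a finding aggregator (home Region) already exist in the delegated administrator account.

```python
# Added sketch of Option D. Account ID, policy name and profiles are placeholders.
# Assumes Security Hub is already enabled in the delegated administrator account
# and that a finding aggregator (home Region) exists there, which central
# configuration requires.

def designate_admin(mgmt_hub, admin_account_id):
    """Step 1: run with management-account credentials."""
    mgmt_hub.enable_organization_admin_account(AdminAccountId=admin_account_id)

def enable_hub_for_org(admin_hub, orgs, policy_name="org-baseline"):
    """Steps 2 and 3: run with delegated-administrator credentials."""
    # Policies only work in central configuration; the older auto-enable
    # flags must be switched off when moving to CENTRAL.
    admin_hub.update_organization_configuration(
        AutoEnable=False,
        AutoEnableStandards="NONE",
        OrganizationConfiguration={"ConfigurationType": "CENTRAL"},
    )
    policy = admin_hub.create_configuration_policy(
        Name=policy_name,
        Description="Enable Security Hub in every account",
        ConfigurationPolicy={"SecurityHub": {
            "ServiceEnabled": True,
            "EnabledStandardIdentifiers": [],  # assumption: no standards chosen here
            "SecurityControlsConfiguration": {"DisabledSecurityControlIdentifiers": []},
        }},
    )
    root_id = orgs.list_roots()["Roots"][0]["Id"]
    # Accounts under the root inherit the policy unless a closer OU or
    # account-level association overrides it.
    admin_hub.start_configuration_policy_association(
        ConfigurationPolicyIdentifier=policy["Id"], Target={"RootId": root_id})
    return policy["Id"], root_id

def association_status(admin_hub, root_id):
    """Returns PENDING, SUCCESS or FAILED for the root association."""
    reply = admin_hub.get_configuration_policy_association(Target={"RootId": root_id})
    return reply["AssociationStatus"]

if __name__ == "__main__":
    import boto3  # needs credentials; one session per account
    mgmt = boto3.Session(profile_name="management")      # placeholder profile
    sec = boto3.Session(profile_name="security-admin")   # placeholder profile
    designate_admin(mgmt.client("securityhub"), "111122223333")
    hub, orgs = sec.client("securityhub"), sec.client("organizations")
    _, root = enable_hub_for_org(hub, orgs)
    print(association_status(hub, root))
```

Poll `association_status` until it leaves PENDING; a FAILED result means the policy did not apply to the root and new accounts will not be onboarded by it.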
youonebe
2 months ago
Selected Answer: B
Answer B. AWS Security Hub offers an automatic onboarding feature when it is enabled in the organization’s management account. New accounts created under AWS Organizations can automatically be onboarded into Security Hub, so they become member accounts as long as the management account has Security Hub enabled and the accounts are part of the same organization. No extra configuration or development is needed.
upvoted 1 times
...
TareDHakim
2 months ago
Selected Answer: D
It's not B, because new accounts need to be configured with the appropriate settings through a delegated administrator, or you need to create automation to enable Security Hub. This answer is incomplete.
upvoted 2 times
...
Asma2023
2 months, 1 week ago
Selected Answer: B
New accounts are automatically enrolled as member accounts
upvoted 1 times
...
Pmktechno
2 months, 2 weeks ago
Selected Answer: B
When Security Hub is enabled in the organization's management account, new accounts are automatically enrolled as member accounts. This approach minimizes the need for additional configuration or custom development, ensuring that all new accounts are seamlessly integrated into Security Hub.
upvoted 1 times
...
0adbfdf
3 months, 2 weeks ago
Selected Answer: D
D makes the most sense
upvoted 1 times
...
k23319
3 months, 3 weeks ago
Selected Answer: D
It's best practice to designate a delegated security administrator account. https://docs.aws.amazon.com/securityhub/latest/userguide/designate-orgs-admin-account.html https://docs.aws.amazon.com/securityhub/latest/userguide/create-associate-policy.html
upvoted 2 times
...