
Amazon Exam SAP-C02 Topic 6 Question 42 Discussion

Actual exam question for Amazon's SAP-C02 exam
Question #: 42
Topic #: 6

A company creates an AWS Control Tower landing zone to manage and govern a multi-account AWS environment. The company's security team will deploy preventive controls and detective controls to monitor AWS services across all the accounts. The security team needs a centralized view of the security state of all the accounts.

Which solution will meet these requirements?

Suggested Answer: D

Enable AWS Security Hub:

Navigate to the AWS Security Hub console in your management account and enable Security Hub. This process integrates Security Hub with AWS Control Tower, allowing you to manage and monitor security findings across all accounts within your organization.

Designate a Delegated Administrator:

In AWS Organizations, designate one of the AWS accounts as the delegated administrator for Security Hub. This account will have the responsibility to manage and oversee the security posture of all accounts within the organization.

Deploy Controls Across Accounts:

Use AWS Security Hub to automatically enable security controls across all AWS accounts in the organization. This provides a centralized view of the security state of all accounts and ensures continuous monitoring and compliance.

Utilize AWS Security Hub Features:

Leverage the capabilities of Security Hub to aggregate security alerts, run continuous security checks, and generate findings based on the AWS Foundational Security Best Practices. Security Hub integrates with other AWS services like AWS Config, Amazon GuardDuty, and AWS IAM Access Analyzer to enhance security monitoring and remediation.

By integrating AWS Security Hub with AWS Control Tower and using a delegated administrator account, you can achieve a centralized and comprehensive view of your organization's security posture, facilitating effective management and remediation of security issues.
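A check for the end state described above, as an added example that is not part of the original page: it takes dicts shaped like the boto3 responses named in the docstring and reports where the centralized view has gaps. The function name `audit_security_hub_org`, the account IDs and the account names are constructed for illustration, and the check assumes Security Hub local (not central) configuration.

```python
# Audit that one delegated-admin account sees every organization account.


def audit_security_hub_org(mgmt_account_id, org_accounts, admin_accounts,
                           org_config, members):
    """Return a list of gap descriptions; an empty list means full coverage.

    org_accounts   -> organizations.list_accounts()["Accounts"]
    admin_accounts -> securityhub.list_organization_admin_accounts()["AdminAccounts"]
    org_config     -> securityhub.describe_organization_configuration()
    members        -> securityhub.list_members()["Members"] (run in the admin account)
    """
    gaps = []
    admins = [a["AccountId"] for a in admin_accounts if a.get("Status") == "ENABLED"]
    if len(admins) != 1:
        return [f"expected exactly one enabled delegated administrator, found {len(admins)}"]
    admin_id = admins[0]
    # AWS recommends a dedicated security account rather than the management account.
    if admin_id == mgmt_account_id:
        gaps.append("delegated administrator is the management account")
    # Assumption: local configuration, where AutoEnable enrolls new accounts.
    if not org_config.get("AutoEnable", False):
        gaps.append("AutoEnable is off: new accounts are not enrolled automatically")
    enabled = {m["AccountId"] for m in members if m.get("MemberStatus") == "Enabled"}
    for acct in org_accounts:
        # Suspended or closed accounts and the admin itself need no membership.
        if acct["Status"] != "ACTIVE" or acct["Id"] == admin_id:
            continue
        if acct["Id"] not in enabled:
            gaps.append(f"account {acct['Id']} ({acct['Name']}) is not an enabled member")
    return gaps


# Constructed sample data (account IDs and names are made up).
SAMPLE_ACCOUNTS = [
    {"Id": "111111111111", "Name": "management", "Status": "ACTIVE"},
    {"Id": "222222222222", "Name": "audit", "Status": "ACTIVE"},
    {"Id": "333333333333", "Name": "workload-a", "Status": "ACTIVE"},
    {"Id": "444444444444", "Name": "sandbox", "Status": "ACTIVE"},
    {"Id": "555555555555", "Name": "retired", "Status": "SUSPENDED"},
]
SAMPLE_ADMINS = [{"AccountId": "222222222222", "Status": "ENABLED"}]
SAMPLE_CONFIG = {"AutoEnable": False}
SAMPLE_MEMBERS = [{"AccountId": i, "MemberStatus": "Enabled"} for i in ("111111111111", "333333333333")]

if __name__ == "__main__":
    for gap in audit_security_hub_org("111111111111", SAMPLE_ACCOUNTS, SAMPLE_ADMINS,
                                      SAMPLE_CONFIG, SAMPLE_MEMBERS):
        print("GAP:", gap)
```

On the sample data the audit flags the disabled auto-enable setting and the `sandbox` account that never became a member, while the suspended account is ignored.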



Contribute your Thoughts:

Eulah
2 months ago
Aw man, these options are like a game of 'Guess the Security Tool.' I just want to go home and play some 'AWS Tycoon' instead.
upvoted 0 times
...
Martina
2 months ago
Option B for the win! Enabling Detective is like hiring a private eye to keep an eye on our AWS accounts. Gotta love those detective skills!
upvoted 0 times
Lauran
19 days ago
User 3: I agree, it's like having a private eye watching over our accounts 24/7. Option B is the way to go!
upvoted 0 times
...
Ria
20 days ago
User 2: Yeah, having Amazon Detective enabled will definitely help us keep track of everything going on in our AWS environment.
upvoted 0 times
...
Deandrea
2 months ago
Option B sounds like a great choice. Detective skills for our AWS accounts, I like it!
upvoted 0 times
...
...
Mariann
2 months ago
Why do you think option D is better?
upvoted 0 times
...
Werner
2 months ago
I disagree, I believe option D is the most suitable solution.
upvoted 0 times
...
Anastacia
2 months ago
I don't know, Option A with the Config conformance pack sounds a bit complicated. Why go through all that when we can just use Detective or Security Hub?
upvoted 0 times
Jina
28 days ago
I see your point, but Detective or Security Hub might be easier to manage in the long run.
upvoted 0 times
...
Bettye
1 month ago
True, but the Config conformance pack can help ensure all accounts are compliant with security policies.
upvoted 0 times
...
Werner
1 month ago
But enabling Amazon Detective or AWS Security Hub is simpler and more straightforward.
upvoted 0 times
...
Chaya
1 month ago
True, it depends on the specific needs and preferences of the company's security team.
upvoted 0 times
...
Florencia
2 months ago
But enabling Amazon Detective or AWS Security Hub would be simpler and more straightforward for the security team.
upvoted 0 times
...
Tegan
2 months ago
Option A with the Config conformance pack provides more control and customization for preventive and detective controls.
upvoted 0 times
...
Fallon
2 months ago
Option A with the Config conformance pack is more thorough and can provide a centralized view of security state.
upvoted 0 times
...
...
Louvenia
3 months ago
Hmm, Option C seems interesting. Deploying a CloudFormation stack set to automatically enable Detective across the organization could be a neat way to do this.
upvoted 0 times
...
Judy
3 months ago
I'm leaning towards Option D. Enabling Security Hub and setting up a delegated admin account could give us the centralized security view we need.
upvoted 0 times
Cordelia
2 months ago
True, Option A could work too. It really depends on the specific needs and preferences of the security team.
upvoted 0 times
...
Gail
2 months ago
But what about Option A? Using CloudFormation StackSets for AWS Config conformance pack deployment could also be effective.
upvoted 0 times
...
Haley
2 months ago
I agree, having a delegated admin account for Security Hub could make management easier.
upvoted 0 times
...
Andree
2 months ago
Option D sounds like a good choice. Security Hub can provide that centralized view we need.
upvoted 0 times
...
...
Mariann
3 months ago
I think option A is the best choice.
upvoted 0 times
...
Casey
3 months ago
Option B looks like the way to go. Enabling Detective and designating a delegated admin account seems like the most straightforward solution.
upvoted 0 times
Lezlie
2 months ago
Yeah, I think enabling Amazon Detective and designating a delegated admin account is the most efficient way to monitor the security state of all the accounts.
upvoted 0 times
...
Joaquin
2 months ago
I agree, option B seems like the best choice. Having a designated admin for Detective makes it easier to manage.
upvoted 0 times
...
...
