New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Amazon SAP-C02 Exam - Topic 6 Question 42 Discussion

Actual exam question for Amazon's SAP-C02 exam
Question #: 42
Topic #: 6
[All SAP-C02 Questions]

A company creates an AWS Control Tower landing zone to manage and govern a multi-account AWS environment. The company's security team will deploy preventive controls and detective controls to monitor AWS services across all the accounts. The security team needs a centralized view of the security state of all the accounts.

Which solution will meet these requirements'?

Show Suggested Answer Hide Answer
Suggested Answer: D

Enable AWS Security Hub:

Navigate to the AWS Security Hub console in your management account and enable Security Hub. This process integrates Security Hub with AWS Control Tower, allowing you to manage and monitor security findings across all accounts within your organization.

Designate a Delegated Administrator:

In AWS Organizations, designate one of the AWS accounts as the delegated administrator for Security Hub. This account will have the responsibility to manage and oversee the security posture of all accounts within the organization.

Deploy Controls Across Accounts:

Use AWS Security Hub to automatically enable security controls across all AWS accounts in the organization. This provides a centralized view of the security state of all accounts and ensures continuous monitoring and compliance.

Utilize AWS Security Hub Features:

Leverage the capabilities of Security Hub to aggregate security alerts, run continuous security checks, and generate findings based on the AWS Foundational Security Best Practices. Security Hub integrates with other AWS services like AWS Config, Amazon GuardDuty, and AWS IAM Access Analyzer to enhance security monitoring and remediation.

By integrating AWS Security Hub with AWS Control Tower and using a delegated administrator account, you can achieve a centralized and comprehensive view of your organization's security posture, facilitating effective management and remediation of security issues.

Reference

AWS Security Hub now integrates with AWS Control Tower77

AWS Control Tower and Security Hub Integration76

AWS Security Hub Features79


by Magda at Sep 15, 2024, 03:55 AM

Limited Time Offer

25%

Off

Get Premium SAP-C02 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Earlean
3 months ago
Wait, can you really use Detective for this? Sounds odd.
upvoted 0 times
...
Magdalene
3 months ago
Totally agree with D, Security Hub is a game changer!
upvoted 0 times
...
Isaac
3 months ago
Not sure about C, does it really cover all accounts?
upvoted 0 times
...
Cecily
4 months ago
I think D is the best choice for a centralized view!
upvoted 0 times
...
Tanesha
4 months ago
Option A seems solid for compliance checks.
upvoted 0 times
...
Darnell
4 months ago
I’m a bit confused about the differences between Detective and Security Hub; I thought they both offered insights but in different ways.
upvoted 0 times
...
Becky
4 months ago
I feel like we practiced a question similar to this, and I lean towards option D, but I can't recall all the details about the delegated administrator part.
upvoted 0 times
...
Holley
4 months ago
I think enabling AWS Security Hub sounds familiar; it might provide the centralized security view we need across accounts.
upvoted 0 times
...
Lavonna
5 months ago
I remember we discussed using AWS Config conformance packs in our study group, but I'm not entirely sure if that's the best option for a centralized view.
upvoted 0 times
...
Lashonda
5 months ago
Option D seems like the most comprehensive solution to me. Enabling Security Hub across the organization and designating a delegated admin account should give the security team the centralized view they need.
upvoted 0 times
...
Salena
5 months ago
Hmm, this is a tricky one. I need to make sure I fully grasp the scenario and the different AWS services mentioned before I decide on the best solution.
upvoted 0 times
...
Kayleigh
5 months ago
This looks like a straightforward question about securing a multi-account AWS environment. I'll focus on understanding the requirements and then evaluating each option carefully.
upvoted 0 times
...
Carlee
5 months ago
I'm leaning towards Option B. Enabling Detective and designating a delegated admin account could provide the security insights they're looking for in a more streamlined way.
upvoted 0 times
...
Ruthann
5 months ago
This is a great opportunity to showcase my incident response skills. I'll make sure to cover all the bases - the cause and effect, the risk assessment, and the overall impact and flow of the incident. Gotta nail this report!
upvoted 0 times
...
Eulah
1 year ago
Aw man, these options are like a game of 'Guess the Security Tool.' I just want to go home and play some 'AWS Tycoon' instead.
upvoted 0 times
...
Martina
1 year ago
Option B for the win! Enabling Detective is like hiring a private eye to keep an eye on our AWS accounts. Gotta love those detective skills!
upvoted 0 times
Lauran
1 year ago
User 3: I agree, it's like having a private eye watching over our accounts 24/7. Option B is the way to go!
upvoted 0 times
...
Ria
1 year ago
User 2: Yeah, having Amazon Detective enabled will definitely help us keep track of everything going on in our AWS environment.
upvoted 0 times
...
Deandrea
1 year ago
Option B sounds like a great choice. Detective skills for our AWS accounts, I like it!
upvoted 0 times
...
...
Mariann
1 year ago
Why do you think option D is better?
upvoted 0 times
...
Werner
1 year ago
I disagree, I believe option D is the most suitable solution.
upvoted 0 times
...
Anastacia
1 year ago
I don't know, Option A with the Config conformance pack sounds a bit complicated. Why go through all that when we can just use Detective or Security Hub?
upvoted 0 times
Jina
1 year ago
I see your point, but Detective or Security Hub might be easier to manage in the long run.
upvoted 0 times
...
Bettye
1 year ago
True, but the Config conformance pack can help ensure all accounts are compliant with security policies.
upvoted 0 times
...
Werner
1 year ago
But enabling Amazon Detective or AWS Security Hub is simpler and more straightforward.
upvoted 0 times
...
Chaya
1 year ago
True, it depends on the specific needs and preferences of the company's security team.
upvoted 0 times
...
Florencia
1 year ago
But enabling Amazon Detective or AWS Security Hub would be simpler and more straightforward for the security team.
upvoted 0 times
...
Tegan
1 year ago
Option A with the Config conformance pack provides more control and customization for preventive and detective controls.
upvoted 0 times
...
Fallon
1 year ago
Option A with the Config conformance pack is more thorough and can provide a centralized view of security state.
upvoted 0 times
...
...
Louvenia
1 year ago
Hmm, Option C seems interesting. Deploying a CloudFormation stack set to automatically enable Detective across the organization could be a neat way to do this.
upvoted 0 times
...
Judy
1 year ago
I'm leaning towards Option D. Enabling Security Hub and setting up a delegated admin account could give us the centralized security view we need.
upvoted 0 times
Cordelia
1 year ago
True, Option A could work too. It really depends on the specific needs and preferences of the security team.
upvoted 0 times
...
Gail
1 year ago
But what about Option A? Using CloudFormation StackSets for AWS Config conformance pack deployment could also be effective.
upvoted 0 times
...
Haley
1 year ago
I agree, having a delegated admin account for Security Hub could make management easier.
upvoted 0 times
...
Andree
1 year ago
Option D sounds like a good choice. Security Hub can provide that centralized view we need.
upvoted 0 times
...
...
Mariann
1 year ago
I think option A is the best choice.
upvoted 0 times
...
Casey
1 year ago
Option B looks like the way to go. Enabling Detective and designating a delegated admin account seems like the most straightforward solution.
upvoted 0 times
Lezlie
1 year ago
Yeah, I think enabling Amazon Detective and designating a delegated admin account is the most efficient way to monitor the security state of all the accounts.
upvoted 0 times
...
Joaquin
1 year ago
I agree, option B seems like the best choice. Having a designated admin for Detective makes it easier to manage.
upvoted 0 times
...
...

Save Cancel