A company wants to deploy a continuous security threat-detection service at scale to automatically analyze all the company’s member accounts in AWS Organizations within the ap-east-1 Region. The company’s organization includes a management account, a security account, and many member accounts. When the company creates a new member account, the threat-detection service should automatically analyze the new account so that the company can review any findings from the security account.
Which solution uses AWS security best practices and meets these requirements with the LEAST effort?

A. Activate Amazon GuardDuty in ap-east-1. Designate the security account as the GuardDuty delegated administrator by using the console.

B. Activate Amazon GuardDuty in ap-east-1 with trusted access to AWS Organizations. Designate the management account as the GuardDuty organization administrator.

C. Activate AWS Security Hub in ap-east-1. Designate the management account as the Security Hub delegated administrator by using the console.

D. Activate AWS Control Tower in ap-east-1 with trusted access to AWS Organizations. Designate the security account as the organization administrator.








 

Suggested Answer: B

Community Answer: A




This question is in SCS-C01 AWS Certified Security – Specialty Exam
For getting AWS Certified Security – Specialty Certificate


Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by Amazon.
Trademarks, certification & product names are used for reference only and belong to Amazon.
The website does not contain actual questions and answers from Amazon's Certification Exam.