Domain 1.2: Security Controls — AWS SAP-C02 Practice Question 54

How to approach this question

Leverage AWS Organizations delegated administration.

Full Answer

B.Designate the Security Tooling account as the GuardDuty delegated administrator in AWS Organizations, and enable GuardDuty for all accounts via the delegated admin.✓ Correct

Designate the Security Tooling account as the GuardDuty delegated administrator in AWS Organizations, and enable GuardDuty for all accounts via the delegated admin.

Many AWS security services (GuardDuty, Security Hub, Macie) support Delegated Administration via AWS Organizations. This allows a central security account to manage and aggregate findings for the entire organization automatically.

Common mistakes

Using manual invitations or custom scripts instead of native Org integration.

An enterprise has 100 AWS accounts. They want to ensure that Amazon GuardDuty is enabled in every account and region, and that all findings are aggregated into a central 'Security Tooling' account. What is the MOST operationally efficient way to achieve this?

How to approach this question

Full Answer

Common mistakes

Practice the full AWS Solutions Architect Professional SAP-C02 Practice Exam 2

More questions from this exam