A company is designing a multi-account AWS environment. They want to ensure that all VPC Flow Logs, AWS CloudTrail logs, and Amazon Route 53 DNS query logs are stored in a centralized S3 bucket in a dedicated Log Archive account. Which AWS service provides a managed solution to set up this baseline architecture?

Answer options:

AWS Systems Manager

AWS Control Tower

AWS Security Hub

AWS CloudFormation StackSets

How to approach this question

Identify the managed service for multi-account baselines.

Full Answer

B.AWS Control Tower✓ Correct

AWS Control Tower provides the easiest way to set up and govern a secure, multi-account AWS environment (Landing Zone). It automatically creates a Log Archive account and configures centralized logging.

Common mistakes

Choosing StackSets, which requires building the solution from scratch.

Question 64 All questions Question 66

Practice the full AWS Solutions Architect Professional SAP-C02 Practice Exam 2

75 questions · hints · full answers · grading

More questions from this exam

Q01A company is setting up a multi-account AWS environment using AWS Organizations. They need to ens...Easy Q02An enterprise needs to connect its on-premises data center to AWS. They require a dedicated, priv...Easy Q03A company wants to share a single AWS Transit Gateway across multiple AWS accounts within their A...Easy Q04An architect needs to design a highly available database architecture that spans multiple AWS Reg...Easy Q05A global financial institution is migrating its core banking application to AWS. The application ...Medium

View all 75 questions →