ExpertMinds LogoExpertMinds
Medium1 markMultiple Choice
Domain 3.2: Security ImprovementSecuritySecurity HubCompliance

AWS SAP-C02 · Question 10 · Domain 3.2: Security Improvement

An enterprise has 100+ AWS accounts. They want to ensure that all EBS snapshots are encrypted, no public S3 buckets exist, and MFA is enabled for all IAM users. They need a centralized dashboard to view the compliance status of all accounts and automatically remediate non-compliant resources. Which service combination BEST meets these requirements?

Answer options:

A.

AWS Security Hub integrated with AWS Config. Use Security Hub custom actions and Amazon EventBridge to trigger AWS Systems Manager Automation runbooks for remediation.

B.

AWS Trusted Advisor organizational view. Write custom AWS Lambda functions triggered by Trusted Advisor alerts to remediate issues.

C.

AWS CloudTrail organization trail. Send logs to Amazon OpenSearch Service and use Kibana dashboards. Trigger Lambda from OpenSearch alerts.

D.

AWS Systems Manager Explorer. Use Patch Manager to enforce compliance and State Manager to apply remediation scripts.

How to approach this question

Identify the AWS service designed for centralized security posture management and compliance monitoring.

Full Answer

A.AWS Security Hub integrated with AWS Config. Use Security Hub custom actions and Amazon EventBridge to trigger AWS Systems Manager Automation runbooks for remediation.✓ Correct
AWS Security Hub integrated with AWS Config. Use Security Hub custom actions and Amazon EventBridge to trigger AWS Systems Manager Automation runbooks for remediation.
AWS Security Hub gives you a comprehensive view of your security alerts and security posture across your AWS accounts. It uses AWS Config rules to evaluate compliance against standards (like CIS AWS Foundations). You can automate remediation using EventBridge and Systems Manager Automation.

Common mistakes

Confusing Trusted Advisor's basic checks with Security Hub's comprehensive compliance frameworks.
09All questions11

Practice the full AWS Solutions Architect Professional SAP-C02 Practice Exam 5

75 questions · hints · full answers · grading

Sign up freeTake the exam

More questions from this exam

Q01A global enterprise is redesigning its AWS network architecture across 50 AWS accounts and 3 AWS ...HardQ02A company uses AWS Organizations to manage multiple accounts. The security team mandates that no ...MediumQ03A financial institution requires a disaster recovery strategy for its critical trading applicatio...HardQ04An enterprise is setting up a new multi-account AWS environment using AWS Control Tower. They nee...MediumQ05A company has a complex AWS environment with hundreds of linked accounts under AWS Organizations....Hard
View all 75 questions →