Q62 — AWS SAA-C03 Ch.5
Q362. A company provides software as a service (SaaS) products to financial companies. The company uses AWS Organizations to manage its AWS accounts. The company needs to improve its security posture to meet financial industry standards. The company requires access to high-severity alerts and security findings across all its AWS accounts in a single place that uses a standard format. The company also wants an automated solution to check its environment against security best practices. Which solution will meet these requirements?
- A. Use Organizations to create global rules in AWS Config. Evaluate the rules based on the company's security policies, regulations, and security best practices. Create Amazon EventBridge rules that match AWS Config rule evaluations that have a noncompliant status. Configure the EventBridge rules to target an AWS Lambda function to automate updates to security groups and to the configuration of network ACLs according to the company's security standards
- B. Use AWS Trusted Advisor and AWS Lambda functions to automate and integrate alerts. Configure Trusted Advisor to automatically run security checks based on AWS best practices, industry standards and the company's security standards
- C. Configure AWS Security Hub to auto-enable for member accounts in the organization. Use Security Hub to automatically run security checks based on AWS best practices, industry standards, and the company's security standards ✓
- D. Configure a delegated administrator account for AWS GuardDuty in the organization. Create Amazon EventBridge rules that match GuardDuty findings. Configure the rules to invoke an AWS Lambda function to automate updates of the security groups and the configuration of network ACLs according to the company's security standards
Correct Answer: C. Configure AWS Security Hub to auto-enable for member accounts in the organization. Use Security Hub to automatically run security checks based on AWS best practices, industry standards, and the company's security standards
Explanation
C. Configure AWS Security Hub to auto-enable for member accounts in the organization. Use Security Hub to automatically run security checks based on AWS best practices, industry standards, and the company's security standards.
The solution that will meet the requirements is to configure AWS Security Hub to auto-enable for member accounts in the organization. By doing this, Security Hub will automatically run security checks on all the AWS accounts within the organization, including the SaaS products provided by the company.
Here's how this solution meets the requirements:
- Auto-enable Security Hub: By configuring Security Hub to auto-enable for member accounts in the organization, the company ensures that all accounts, including the SaaS products' accounts, are continuously monitored for security issues.
- Run security checks: Security Hub provides a wide range of built-in security checks based on AWS best practices, industry standards, and customizable security standards. It automatically evaluates the security posture of each account and generates high-severity alerts and findings.
- Centralized view: Security Hub provides a single place to view and manage security alerts and findings across all AWS accounts in the organization. This allows the company to have a unified and comprehensive view of its security posture.
- Automation: While Security Hub itself does not perform automated remediation, it can integrate with other AWS services like AWS Systems Manager or AWS Lambda to automate updates to security groups, network ACLs, or other configurations based on the security standards defined by the company.
By leveraging AWS Security Hub, the company can effectively monitor and manage the security of its SaaS products and AWS accounts. It provides high-severity alerts and security findings in a standardized format, along with the ability to automate security best practice checks and remediation actions.