Q56 — AWS SAP-C02 Ch.3
Q281. A company is using an organization in AWS Organizations to manage hundreds of AWS accounts. A solutions architect is working on a solution to provide baseline protection for the Open Web Application Security Project (OWASP) top 10 web application vulnerabilities. The solutions architect is using AWS WAF for all existing and new Amazon CloudFront distributions that are deployed within the organization. Which combination of steps should the solutions architect take to provide the baseline protection? (Select THREE)
- A. Enable AWS Config in all accounts ✓
- B. Enable Amazon GuardDuty in all accounts
- C. Enable all features for the organization ✓
- D. Use AWS Firewall Manager to deploy AWS WAF rules in all accounts for all CloudFront distributions ✓
- E. Use AWS Shield Advanced to deploy AWS WAF rules in all accounts for all CloudFront distributions
- F. Use AWS Security Hub to deploy AWS WAF rules in all accounts for all CloudFront distributions
Correct Answer: A. Enable AWS Config in all accounts, C. Enable all features for the organization, D. Use AWS Firewall Manager to deploy AWS WAF rules in all accounts for all CloudFront distributions
Explanation
- A. Enable AWS Config in all accounts. Enabling AWS Config in all accounts will help assess resource configurations and changes for compliance with organizational policies.
- C. Enable all features for the organization. Enabling all features for the organization can help ensure that all available security measures are being used across the organization's AWS environment.
- D. Use AWS Firewall Manager to deploy AWS WAF rules in all accounts for all CloudFront distributions. AWS Firewall Manager can be used to centrally manage AWS WAF rules for all CloudFront distributions deployed within the organization. This approach simplifies the management of multiple accounts and ensures consistent application of security policies.
B, E, and F are not correct:
- B. Enable Amazon GuardDuty in all accounts. While Amazon GuardDuty can help detect malicious activity and unauthorized behavior across the organization's AWS environment, it does not provide a direct solution to protecting against OWASP top 10 web application vulnerabilities.
- E. Use AWS Shield Advanced to deploy AWS WAF rules in all accounts for all CloudFront distributions. AWS Shield Advanced provides enhanced DDoS protection for CloudFront distributions but it is not directly related to protecting against OWASP top 10 web application vulnerabilities.
- F. Use AWS Security Hub to deploy AWS WAF rules in all accounts for all CloudFront distributions. AWS Security Hub can be used to monitor and enforce compliance with security policies across the organization's AWS environment. However, its use is not specific enough to address protecting against OWASP top 10 web application vulnerabilities.