A company uses an organization in AWS Organizations to manage its AWS accounts. The compa…

Question

A company uses an organization in AWS Organizations to manage its AWS accounts. The company recently acquired another company that has standalone AWS accounts. The acquiring company's DevOps team needs to consolidate the administration of the AWS accounts for both companies and retain full administrative control of the accounts. The DevOps team also needs to collect and group findings across all the accounts to implement and maintain a security posture. Which combination of steps should the DevOps team take to meet these requirements? (Choose two.)

Accepted Answer

Correct answer: B, C. B. Invite the acquired company's AWS accounts to join the organization. Create the OrganizationAccountAccessRole IAM role in the invited accounts. Grant permission to the management account to assume the role. — C. Use AWS Security Hub to collect and group findings across all accounts. Use Security Hub to automatically detect new accounts as the accounts are added to the organization. — Option B is correct as it allows the management account to assume the OrganizationAccountAccessRole IAM role for administrative access to the acquired accounts. Option C is also correct because AWS Security Hub provides a centralized way to gather security findings across all accounts. Options A, D, and E do not fully address the requirement for administrative control and security findings consolidation as effectively as B and C do.

AWS Certified DevOps Engineer – Professional (DOP-C02) — Question 174

Answer options

Correct answer: B, C

Explanation