AWS Certified Security – Specialty (SCS-C02) — Question 170

A security administrator has enabled AWS Security Hub for all the AWS accounts in an organization in AWS Organizations. The security team wants near-real-time response and remediation for deployed AWS resources that do not meet security standards. All changes must be centrally logged for auditing purposes.

The organization has reached the quotas for the number of SCPs attached to an OU and SCP document size. The team wants to avoid making any changes to any of the SCPs. The solution must maximize scalability and cost-effectiveness.

Which combination of actions should the security administrator take to meet these requirements? (Choose three.)

Answer options

Correct answer: A, C, D

Explanation

The correct actions are creating an AWS Config custom rule to detect configuration changes (A), creating a Security Hub custom action that can be referenced in an EventBridge rule (C), and setting up an EventBridge rule to invoke a Lambda function that acts on the non-compliant resources (D). Options B, E, and F do not meet the requirements because they either rely on additional services that do not provide the same level of immediate remediation or do not effectively use Security Hub's capabilities.