AWS Certified Security – Specialty (SCS-C03) — Question 44

A company uses AWS Organizations to manage its AWS accounts. The company has a development account and a production account. An auditor has requested evidence that the production account workloads are resilient to disruption. The company needs a solution that improves the resilience of each production account workload.
Which solution will meet these requirements?

Answer options

• A. Use AWS Audit Manager to create a new assessment based on AWS Operational Best Practices in the production account. After the assessments are finished, provide the auditor with direct access to the reports.
• B. Review the architecture by using the AWS Well-Architected Tool. Use the Well-Architected Framework and focus on the Operational Excellence, Security, and Reliability pillars. Document and implement mitigations for the identified risks. Provide the documentation to the auditor.
• C. Use Amazon Inspector with a multi-account environment to assess the production account workloads for vulnerabilities. Create a CIS scan in Amazon Inspector. Configure the CIS scan as a one time scan with Benchmark Level 2. After the scan is finished, download the PDF report and provide the report to the auditor.
• D. Use the AWS Fault Injection Service to create experiments in the development account for each workload. Adjust the configuration and architecture of the workloads to improve resilience. Run the experiments again. Download the PDF reports and provide the reports to the auditor.

Correct answer: B

Explanation

The correct answer is B because it involves a thorough review of the production account's architecture using the AWS Well-Architected Tool, focusing on key pillars that enhance resilience. Options A and C do not directly address resilience improvements, and option D focuses on the development account rather than the production account, making it inadequate for the auditor's request.