AWS Certified Security – Specialty — Question 161

A company's director of information security wants a daily email report from AWS that contains recommendations for each company account to meet AWS
Security best practices.
Which solution would meet these requirements?

Answer options

• A. In every AWS account, configure AWS Lambda to query the AWS Support API for AWS Trusted Advisor security checks. Send the results from Lambda to an Amazon SNS topic to send reports.
• B. Configure Amazon GuardDuty in a master account and invite all other accounts to be managed by the master account. Use GuardDuty's integration with Amazon SNS to report on findings.
• C. Use Amazon Athena and Amazon QuickSight to build reports off of AWS CloudTrail. Create a daily Amazon CloudWatch trigger to run the report daily and email it using Amazon SNS.
• D. Use AWS Artifact's prebuilt reports and subscriptions. Subscribe the director of information security to the reports by adding the director as the security alternate contact for each account.

Correct answer: A

Explanation

The correct answer is A because it directly utilizes AWS Lambda to automate the querying of AWS Trusted Advisor security checks across all accounts and sends the results via Amazon SNS, ensuring daily reports. The other options either do not provide a specific daily reporting mechanism or focus on different services that do not align with the requirement for AWS Trusted Advisor recommendations.