AWS Certified Solutions Architect – Professional (SAP-C02) — Question 194

A company is using an organization in AWS Organizations to manage hundreds of AWS accounts. A solutions architect is working on a solution to provide baseline protection for the Open Web Application Security Project (OWASP) top 10 web application vulnerabilities. The solutions architect is using AWS WAF for all existing and new Amazon CloudFront distributions that are deployed within the organization.

Which combination of steps should the solutions architect take to provide the baseline protection? (Choose three.)

Answer options

• A. Enable AWS Config in all accounts
• B. Enable Amazon GuardDuty in all accounts
• C. Enable all features for the organization
• D. Use AWS Firewall Manager to deploy AWS WAF rules in all accounts for all CloudFront distributions
• E. Use AWS Shield Advanced to deploy AWS WAF rules in all accounts for all CloudFront distributions
• F. Use AWS Security Hub to deploy AWS WAF rules in all accounts for all CloudFront distributions

Correct answer: A, C, D

Explanation

Enabling AWS Config in all accounts ensures compliance and monitoring of configurations, while activating all features for the organization provides comprehensive management capabilities. Using AWS Firewall Manager to deploy AWS WAF rules simplifies the process of applying consistent security measures across all CloudFront distributions, which is essential for protecting against OWASP vulnerabilities. The other options, while useful for security, do not directly contribute to the baseline protection strategy outlined in the scenario.