A company hosts multiple externally facing applications, each isolated in its own AWS account. The company’B Security team has enabled AWS WAF. AWS Config. and Amazon GuardDuty on all accounts. The company’s Operations team has also joined all of the accounts to AWS Organizations and established centralized logging for CloudTrail. AWS Config, and GuardDuty. The company wants the Security team to take a reactive remediation in one account, and automate implementing this remediation as proactive prevention in all the other accounts.
How should the Security team accomplish this?
A . Update the AWS WAF rules in the affected account and use AWS Firewall Manager to push updated AWS WAF rules across all other accounts.
B . Use GuardDuty centralized logging and Amazon SNS to set up alerts to notify all application teams of security incidents.
C . Use GuardDuty alerts to write an AWS Lambda function that updates all accounts by adding additional NACLs on the Amazon EC2 instances to block known malicious IP addresses.
D . Use AWS Shield Advanced to identify threats in each individual account and then apply the account-based protections to all other accounts through Organizations.
Answer: C
Leave a Reply