🔥 3-day streak
AWS Certified Solutions Architect - Professional44 / 186
Question 44 of 186
A financial services company runs a multi-account AWS Organization with over 80 member accounts. The central security team currently operates entirely from the management (payer) account, where they manage GuardDuty, Security Hub, and IAM Access Analyzer findings for the whole organization. During an audit, the company is told that using the management account for daily operational tasks violates AWS security best practices and increases blast radius. The security team must retain organization-wide visibility and continue enrolling new accounts automatically, while minimizing the privileged actions performed from the management account. What should the solutions architect recommend?
Reviewed for accuracy · Report an issueNext question