🔥 3-day streak
AWS Certified Solutions Architect - Professional150 / 186
Question 150 of 186
A financial services company uses AWS Organizations with all features enabled. The security team centrally manages Amazon GuardDuty and AWS CloudTrail from a delegated administrator account. Recently, an engineer with local administrator privileges in a member account disabled the GuardDuty detector and stopped a CloudTrail trail in their account, creating a compliance gap. The security team wants a preventive control that stops any principal in member accounts—including local administrators—from disabling these security services, while still allowing the delegated administrator to manage them. What should the solutions architect implement?
Reviewed for accuracy · Report an issueNext question