🔥 3-day streak
AWS Certified Security - Specialty35 / 184
Question 35 of 184

A security team at a large enterprise manages 120 AWS accounts under AWS Organizations. They need to deploy a standardized set of AWS Config rules across all existing and future member accounts to enforce a PCI DSS baseline. The team wants to manage these rules centrally from a dedicated security tooling account (not the management account) and ensure that member account administrators cannot delete or modify the deployed rules. Which approach best meets these requirements with the least ongoing operational effort?

Reviewed for accuracy · Report an issueNext question