🔥 3-day streak
AWS Certified Security - Specialty37 / 184
Question 37 of 184
A financial services company runs 40 AWS accounts under AWS Organizations. The security governance team must continuously evaluate resource configurations against a custom internal baseline of 25 rules (some with auto-remediation) across all accounts, and they want a single pass/fail compliance score per account that can be centrally deployed and updated without touching each account individually. They already use Security Hub for aggregating GuardDuty and Inspector findings but do not want to pay for additional Security Hub security-standard control checks. Which approach BEST meets the configuration-baseline requirement while minimizing added Security Hub costs?
Reviewed for accuracy · Report an issueNext question