🔥 3-day streak
AWS Certified Security - Specialty42 / 184
Question 42 of 184
A security team manages a multi-account environment through AWS Control Tower. The compliance department requires that every newly provisioned member account automatically block the disabling of AWS Config, enforce a standardized network baseline, and prevent the deletion of the CloudTrail log archive. The team wants these controls applied consistently at account creation without manual per-account setup, and wants strong (preventive) enforcement where possible. Which approach best meets these requirements with the least ongoing operational effort?
Reviewed for accuracy · Report an issueNext question