🔥 3-day streak
AWS Certified Security - Specialty48 / 184
Question 48 of 184
A security governance team manages 60 accounts under AWS Control Tower. Leadership requires that no account be able to create publicly accessible RDS instances, and that any existing RDS instance that becomes publicly accessible be automatically detected and reported to a central compliance dashboard. The team wants to minimize ongoing operational overhead while enforcing this at scale. Which combination of controls best satisfies both the preventive and detective requirements?
Reviewed for accuracy · Report an issueNext question