🔥 3-day streak
AWS Certified Security - Specialty49 / 184
Question 49 of 184
A financial services company runs 120 accounts under AWS Control Tower. The security team must audit whether every account continuously enforces a set of ~40 detective controls (Config rules) mapped to their internal compliance framework. Finance has flagged that AWS Config recording costs have grown rapidly because every account records ALL resource types, including many that are irrelevant to the compliance framework. The team wants to reduce Config cost while still meeting the audit requirement and managing controls centrally across the organization. Which approach best balances centralized governance, audit coverage, and cost?
Reviewed for accuracy · Report an issueNext question