Home › AWS Security › cloudcomputing › scsloggingmon › Which AWS feature lets a security engineer aggre…
Which AWS feature lets a security engineer aggregate AWS Config findings across all accounts in an Organization into a single account?
APer-account dashboards reviewed manually each Monday
BAmazon EBS
CAn AWS Config aggregator (in a designated security/audit account with delegated administration)
DAmazon Route 53
Answer & Solution
Correct answer: C. An AWS Config aggregator (in a designated security/audit account with delegated administration)
Config aggregators centralise compliance (per SCS-C02 §2.5, §6.1). Manual review doesn't scale; the others are unrelated.
Related questions
A security engineer notices CloudWatch alarms aren't firing for an application metric. WhiWhich AWS service streams logs in near-real-time to OpenSearch / S3 / Redshift / Splunk foWhich AWS service is BEST suited for monitoring Application Load Balancer access logs at pAn architect needs a CENTRALISED, immutable, write-once log archive across all AWS accountWhich CloudTrail feature lets a security engineer DETECT unusual API-call patterns (e.g. sWhich AWS service lets a security engineer query CloudWatch Logs with a purpose-built querWhich CloudWatch feature converts a regex pattern in log events into a metric — used to alWhich AWS service stores log data with subscription filters, metric filters, and integrati