You want to monitor multiple AWS accounts for threats centrally using GuardDuty. What is the best approach?

Hard · Application · Q15 of 15
AWS - Advanced Security
A. Use GuardDuty's multi-account feature with a master account to manage findings centrally
B. Enable GuardDuty separately in each account and region, then aggregate findings manually
C. Create IAM roles in each account to share logs with a central S3 bucket for GuardDuty analysis
D. Disable GuardDuty in member accounts and rely on CloudTrail logs only
Step-by-Step Solution
Solution:
  1. Step 1: Understand GuardDuty multi-account setup

    GuardDuty supports a master account that can manage and view findings from member accounts centrally.
  2. Step 2: Evaluate other options

    Manual aggregation is inefficient, sharing logs via S3 is not how GuardDuty works, and disabling GuardDuty loses threat detection.
  3. Final Answer:

    Use GuardDuty's multi-account feature with a master account to manage findings centrally -> Option A
  4. Quick Check:

    GuardDuty multi-account = master account management [OK]
Quick Trick: Use GuardDuty master account for multi-account threat management [OK]
Common Mistakes:
  • Trying manual aggregation of findings
  • Using S3 buckets for GuardDuty log sharing
  • Disabling GuardDuty in member accounts
