AWS Certified Solutions Architect Professional SAP-C02 Practice Question

The correct approach involves leveraging the native integration between AWS Organizations, Amazon Inspector, and AWS Security Hub for a centralized and scalable security model. The first step is to designate a specific account for security operations, in this case, the Security Tooling account, as the delegated administrator for Amazon Inspector. This action must be performed from the AWS Organizations management account. Once delegated, the Security Tooling account can manage Inspector for all member accounts, including enabling scans and configuring settings. To centralize findings, Amazon Inspector should be integrated with AWS Security Hub. When both are enabled, Inspector automatically sends all findings to Security Hub, which aggregates them from across the organization. This provides a single pane of glass for security analysis, which fulfills the company's requirement for streamlined reporting.

Using the management account for operational security tasks like managing Inspector and Security Hub is against AWS best practices, which recommend that the management account be used for billing and account management only. While a CloudFormation StackSet or custom scripts could be used to enable Inspector, these methods are less efficient and scalable than using the built-in AWS Organizations integration, which automatically handles new accounts. The native integration with Security Hub is also more efficient for aggregating findings than building a custom solution with S3 and Athena.