A company has multiple AWS accounts in an organization. The security team needs to centrally manage Amazon GuardDuty findings from all accounts. Which THREE steps should the team take to meet this requirement? (Choose THREE.)
The delegated admin can manage GuardDuty across accounts.
Why this answer
Option C is correct because designating a delegated administrator account for GuardDuty in AWS Organizations centralizes management of findings across all member accounts. This allows the security team to view, manage, and respond to findings from a single account without needing to log into each individual account.
Exam trap
The trap here is that candidates might think sending findings to CloudWatch Logs or S3 is the correct way to centralize management, but AWS's native multi-account architecture for GuardDuty relies on the delegated administrator and member account model, not log aggregation.