
Answer-first summary for fast verification
Answer: Configure an AWS Config rule to detect inconsistencies between the desired security group configuration and the current security group configuration. Create an AWS Systems Manager Automation runbook to remediate noncompliant security groups.
To prevent downtime caused by noncompliant changes to security groups, the solution must involve both detection and remediation mechanisms. AWS Config is designed to assess, audit, and evaluate the configurations of your AWS resources, making it suitable for detecting inconsistencies between desired and current security group configurations. AWS Systems Manager Automation allows you to automate operational tasks, including the remediation of noncompliant security groups, by executing predefined runbooks. Therefore, the correct approach is to use AWS Config for detection and AWS Systems Manager Automation for remediation. Option D correctly identifies this combination, making it the correct answer.
Options A and C incorrectly suggest using Amazon GuardDuty for detection, which is primarily a threat detection service and not specifically designed for configuration compliance. Option B incorrectly suggests using AWS OpsWorks for Chef for remediation, which is more suited for configuration management and not specifically for automated remediation of security group configurations.
Author: LeetQuiz Editorial Team
A company is running an application on Amazon EC2 instances behind an Application Load Balancer, with the instances part of an Amazon EC2 Auto Scaling group. Due to a recent modification to a security group, external users are unable to access the application.
To avoid such downtime in the future, a network engineer must implement a solution that automatically corrects noncompliant changes to security groups.
What solution will fulfill these requirements?
A
Configure Amazon GuardDuty to detect inconsistencies between the desired security group configuration and the current security group configuration. Create an AWS Systems Manager Automation runbook to remediate noncompliant security groups.
B
Configure an AWS Config rule to detect inconsistencies between the desired security group configuration and the current security group configuration. Configure AWS OpsWorks for Chef to remediate noncompliant security groups.
C
Configure Amazon GuardDuty to detect inconsistencies between the desired security group configuration and the current security group configuration. Configure AWS OpsWorks for Chef to remediate noncompliant security groups.
D
Configure an AWS Config rule to detect inconsistencies between the desired security group configuration and the current security group configuration. Create an AWS Systems Manager Automation runbook to remediate noncompliant security groups.