AWS Certified Advanced Networking - Specialty
Get started today
Ultimate access to all questions.
Ultimate access to all questions.
A company is running an application on Amazon EC2 instances behind an Application Load Balancer, with the instances part of an Amazon EC2 Auto Scaling group. Due to a recent modification to a security group, external users are unable to access the application.
To avoid such downtime in the future, a network engineer must implement a solution that automatically corrects noncompliant changes to security groups.
What solution will fulfill these requirements?
Explanation:
To prevent downtime caused by noncompliant changes to security groups, the solution must involve both detection and remediation mechanisms. AWS Config is designed to assess, audit, and evaluate the configurations of your AWS resources, making it suitable for detecting inconsistencies between desired and current security group configurations. AWS Systems Manager Automation allows you to automate operational tasks, including the remediation of noncompliant security groups, by executing predefined runbooks. Therefore, the correct approach is to use AWS Config for detection and AWS Systems Manager Automation for remediation. Option D correctly identifies this combination, making it the correct answer. Options A and C incorrectly suggest using Amazon GuardDuty for detection, which is primarily a threat detection service and not specifically designed for configuration compliance. Option B incorrectly suggests using AWS OpsWorks for Chef for remediation, which is more suited for configuration management and not specifically for automated remediation of security group configurations.