
Answer-first summary for fast verification
Answer: D. Configure the existing EventBridge event to invoke an AWS Lambda function, and have the function remove the security group rule that allows public access.
AWS Security Hub publishes every finding to Amazon EventBridge (detail type "Security Hub Findings - Imported"), so an EventBridge rule can match those events and invoke an AWS Lambda function as its target. The function reads the affected security group from the finding and revokes the ingress rule that opens the port to 0.0.0.0/0, which is an event-driven remediation that fires for the FTP finding and for any similar exposed-port finding. Option A stops the instances but leaves the exposed rule in place; options B and C rely on a cron job on the FTP server rather than on the event, and C changes the protocol instead of closing the port. When writing the function, revoke only the offending public rule rather than all ingress, so legitimate rules on other ports keep working, and give the function's role no more than the ec2:Describe* and ec2:RevokeSecurityGroupIngress permissions it needs.
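The handler sketched above, as an added example and not code from the question or from AWS. It assumes an EventBridge rule that forwards Security Hub findings to the function, a role allowed to call ec2:DescribeInstances, ec2:DescribeSecurityGroups and ec2:RevokeSecurityGroupIngress, and the standard ASFF finding shape (Resources of type AwsEc2SecurityGroup or AwsEc2Instance). The port set FTP_PORTS, the FakeEc2 stand-in client, and every ARN, instance ID and security group ID are constructed for the example; boto3 is only imported inside lambda_handler so the rest runs offline.

```python
"""Remediation Lambda for public security-group ingress (added example, not AWS code)."""
import re

PUBLIC_CIDRS = {"0.0.0.0/0", "::/0"}
SG_ARN = re.compile(r"security-group/(sg-[0-9a-f]+)$")
INSTANCE_ARN = re.compile(r"instance/(i-[0-9a-f]+)$")
FTP_PORTS = frozenset({20, 21})  # assumption: the page's FTP case; ports=None covers every public rule


def security_group_ids(finding, ec2):
    """Security groups named by one ASFF finding; instance resources are resolved via describe_instances."""
    ids, instance_ids = set(), []
    for res in finding.get("Resources", []):
        rid = res.get("Id", "")
        if res.get("Type") == "AwsEc2SecurityGroup" and (m := SG_ARN.search(rid)):
            ids.add(m.group(1))
        elif res.get("Type") == "AwsEc2Instance" and (m := INSTANCE_ARN.search(rid)):
            instance_ids.append(m.group(1))
    if instance_ids:
        for reservation in ec2.describe_instances(InstanceIds=instance_ids)["Reservations"]:
            for inst in reservation["Instances"]:
                ids.update(g["GroupId"] for g in inst.get("SecurityGroups", []))
    return sorted(ids)


def exposes_port(perm, ports):
    """True if the rule covers one of `ports` or all traffic (IpProtocol -1); ports=None means any port."""
    if ports is None or perm.get("IpProtocol") == "-1":
        return True
    lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
    return any(lo <= p <= hi for p in ports)


def public_permissions(ip_permissions, ports):
    """Trim matching rules to their 0.0.0.0/0 and ::/0 ranges, in the shape revoke_security_group_ingress accepts.

    Private CIDRs and rules for other ports are left untouched, so only the exposure is removed.
    """
    out = []
    for perm in ip_permissions:
        if not exposes_port(perm, ports):
            continue
        v4 = [{"CidrIp": r["CidrIp"]} for r in perm.get("IpRanges", []) if r.get("CidrIp") in PUBLIC_CIDRS]
        v6 = [{"CidrIpv6": r["CidrIpv6"]} for r in perm.get("Ipv6Ranges", []) if r.get("CidrIpv6") in PUBLIC_CIDRS]
        if not v4 and not v6:
            continue
        trimmed = {k: perm[k] for k in ("IpProtocol", "FromPort", "ToPort") if k in perm}
        if v4:
            trimmed["IpRanges"] = v4
        if v6:
            trimmed["Ipv6Ranges"] = v6
        out.append(trimmed)
    return out


def remediate(event, ec2, ports=FTP_PORTS):
    """Revoke public ingress for each security group in the event's findings; returns {sg_id: revoked rules}."""
    revoked = {}
    for finding in event.get("detail", {}).get("findings", []):
        for sg_id in security_group_ids(finding, ec2):
            if sg_id in revoked:
                continue
            group = ec2.describe_security_groups(GroupIds=[sg_id])["SecurityGroups"][0]
            perms = public_permissions(group.get("IpPermissions", []), ports)
            if perms:
                ec2.revoke_security_group_ingress(GroupId=sg_id, IpPermissions=perms)
            revoked[sg_id] = perms
    return revoked


def lambda_handler(event, context):
    import boto3  # imported lazily so the logic above runs without boto3 installed

    return remediate(event, boto3.client("ec2"))


class FakeEc2:
    """Constructed stand-in for the boto3 EC2 client so the example runs offline."""

    def __init__(self, groups, instances):
        self.groups, self.instances, self.revoked = groups, instances, []

    def describe_instances(self, InstanceIds):
        instances = [{"InstanceId": i, "SecurityGroups": [{"GroupId": g} for g in self.instances[i]]} for i in InstanceIds]
        return {"Reservations": [{"Instances": instances}]}

    def describe_security_groups(self, GroupIds):
        return {"SecurityGroups": [{"GroupId": g, "IpPermissions": self.groups[g]} for g in GroupIds]}

    def revoke_security_group_ingress(self, GroupId, IpPermissions):
        self.revoked.append((GroupId, IpPermissions))
        return {"Return": True}


# Constructed EventBridge event with one ASFF finding on an EC2 instance (all IDs made up).
SAMPLE_EVENT = {
    "detail-type": "Security Hub Findings - Imported",
    "detail": {"findings": [{
        "Title": "FTP port exposed to the internet",
        "Resources": [{"Type": "AwsEc2Instance",
                       "Id": "arn:aws:ec2:us-east-1:123456789012:instance/i-0abc123def4567890"}],
    }]},
}


def run_sample():
    """Run the handler logic against the constructed event and a fake EC2 API."""
    ec2 = FakeEc2(
        groups={"sg-0123456789abcdef0": [
            {"IpProtocol": "tcp", "FromPort": 21, "ToPort": 21,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}, {"CidrIp": "10.0.0.0/8"}]},
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,  # public HTTPS, not FTP: kept
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        ]},
        instances={"i-0abc123def4567890": ["sg-0123456789abcdef0"]},
    )
    return remediate(SAMPLE_EVENT, ec2), ec2.revoked


if __name__ == "__main__":
    print(run_sample())
```

On the sample data only the 0.0.0.0/0 entry of the port 21 rule is revoked; the 10.0.0.0/8 entry and the public 443 rule survive because the function scopes itself to the FTP ports. Passing ports=None makes it strip every public ingress rule, which is the broader "any exposed port" policy the question asks about, so choose deliberately.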
Author: Ritesh Yadav
Question #15 A company hosts an FTP server on Amazon EC2 instances. In the company's AWS environment, AWS Security Hub sends findings for the EC2 instances to Amazon EventBridge because the FTP port has become publicly exposed in the security groups that are attached to the instances. A CloudOps engineer wants an automated solution to remediate the Security Hub finding and any similar exposed port findings. The CloudOps engineer wants to use an event-driven approach. Which solution will meet these requirements?
A
Configure the existing EventBridge event to stop the EC2 instances that have the exposed port.
B
Create a cron job for the FTP server to invoke an AWS Lambda function. Configure the Lambda function to modify the security group of the identified EC2 instances and to remove the instances that allow public access.
C
Create a cron job for the FTP server that invokes an AWS Lambda function. Configure the Lambda function to modify the server to use SFTP instead of FTP.
D
Configure the existing EventBridge event to invoke an AWS Lambda function. Configure the function to remove the security group rule that allows public access.