
Explanation:
AWS Config is designed to evaluate resource configurations and compliance. The 'restricted-ssh' rule can specifically detect security groups with open SSH ports. To provide automatic remediation as soon as possible, an AWS Systems Manager Automation runbook can be triggered to revert the configuration changes.
Question 2. A company wants to monitor the security groups of its Amazon EC2 instances to ensure that SSH is not open to the public. If the port is opened, the company needs to close the port as soon as possible. Which combination of actions should a SysOps administrator take to meet these requirements? (Choose two.)
A. Add an Amazon CloudWatch alarm to detect the security groups that allow SSH.
B. Add an AWS Config rule to detect the security groups that allow SSH.
C. Add an assessment template to Amazon Inspector to detect the security groups that allow SSH.
D. Call an AWS Systems Manager Automation runbook to close the port.
E. Call AWS Systems Manager Run Command to close the port.
F. Not Applicable