DOP-C02 · Question #6
DOP-C02 Question #6: Real Exam Question with Answer & Explanation
Sign in or unlock DOP-C02 to reveal the answer and full explanation for question #6. The question stem and answer options stay visible for context.
Question
A company's application development team uses Linux-based Amazon EC2 instances as bastion hosts. Inbound SSH access to the bastion hosts is restricted to specific IP addresses, as defined in the associated security groups. The company's security team wants to receive a notification if the security group rules are modified to allow SSH access from any IP address. What should a DevOps engineer do to meet this requirement?
Options
- ACreate an Amazon EventBridge rule with a source of aws.cloudtrail and the event name
- BEnable Amazon GuardDuty and check the findings for security groups in AWS Security Hub.
- CCreate an AWS Config rule by using the restricted-ssh managed rule to check whether security
- DEnable Amazon Inspector. Include the Common Vulnerabilities and Exposures-1.1 rules package
Unlock DOP-C02 to see the answer
You've previewed enough free DOP-C02 questions. Unlock DOP-C02 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.