SCS-C02 · Question #244
SCS-C02 Question #244: Real Exam Question with Answer & Explanation
Sign in or unlock SCS-C02 to reveal the answer and full explanation for question #244. The question stem and answer options stay visible for context.
Question
A company has a requirement that no Amazon EC2 security group can allow SSH access from the CIDR block 0.0.0.070. The company wants to monitor compliance with this requirement at all times and wants to receive a near-real-time notification if any security group is noncompliant. A security engineer has configured AWS Config and will use the restricted-ssh managed rule to monitor the security groups. What should the security engineer do next to meet these requirements?
Options
- AConfigure AWS Config to send its configuration snapshots to an Amazon S3 bucket. Create an
- BConfigure an Amazon EventBridge event rule that is invoked by a compliance change event from
- CConfigure AWS Config to push all its compliance notifications to Amazon CloudWatch Logs
- DConfigure an Amazon CloudWatch alarm on (he CloudWatch metric for the restricted-ssh
Unlock SCS-C02 to see the answer
You've previewed enough free SCS-C02 questions. Unlock SCS-C02 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.