SOA-C02 · Question #271
SOA-C02 Question #271: Real Exam Question with Answer & Explanation
Sign in or unlock SOA-C02 to reveal the answer and full explanation for question #271. The question stem and answer options stay visible for context.
Question
A company wants to create an automated solution for all accounts managed by AWS Organizations to detect any security groups that use 0.0.0.0/0 as the source address for inbound traffic. The company also wants to automatically remediate any noncompliant security groups by restricting access to a specific CIDR block that corresponds with the company's intranet. Which set of actions should the SysOps administrator take to create a solution?
Options
- ACreate an AWS Config rule to detect noncompliant security groups.
- BCreate an IAM policy to deny the creation of security groups that have 0.0.0.0/0 as the source
- CCreate an AWS Lambda function to inspect new and existing security groups.
- DCreate a service control policy (SCP) for the organizational unit (OU) to deny the creation of
Unlock SOA-C02 to see the answer
You've previewed enough free SOA-C02 questions. Unlock SOA-C02 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.