SOA-C02 · Question #616
SOA-C02 Question #616: Real Exam Question with Answer & Explanation
Sign in or unlock SOA-C02 to reveal the answer and full explanation for question #616. The question stem and answer options stay visible for context.
Question
A company's security policy requires incoming SSH traffic to be restricted to a defined set of addresses. The company is using an AWS Config rule to check whether security groups allow unrestricted incoming SSH traffic. A SysOps administrator discovers a noncompliant resource and fixes the security group manually. The SysOps administrator wants to automate the remediation of other noncompliant resources. What is the MOST operationally efficient solution that meets these requirements?
Options
- ACreate an Amazon CloudWatch alarm for the AWS Config rule's status metric. Create an AWS
- BConfigure an automatic remediation action on the AWS Config rule. Specify the AWS-
- CConfigure an Amazon EventBridge rule for AWS Config configuration item change events. Create
- DCreate an AWS Lambda function that can analyze a security group's inbound rules to check for
Unlock SOA-C02 to see the answer
You've previewed enough free SOA-C02 questions. Unlock SOA-C02 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.