SOA-C02 Question #728: Real Exam Question with Answer & Explanation
The correct answer is B: Review AWS Trusted Advisor findings in an organizational view for the Security Groups - Specific. AWS Trusted Advisor’s organizational view already includes the Security Groups – Specific Ports Unrestricted check, showing every SG rule open to 0.0.0.0/0 across all member accounts - no custom code or scripts needed.
Question
A company uses an organization in AWS Organizations to manage multiple AWS accounts. A SysOps administrator must identify all IPv4 ports that are open to 0.0.0.0/0 across all accounts in the organization. Which solution will meet this requirement with the LEAST operational effort?
Options
- A. Use the AWS CLI to print all security group rules for review.
- B. Review AWS Trusted Advisor findings in an organizational view for the Security Groups - Specific
- C. Create an AWS Lambda function to gather security group rules from all accounts. Aggregate the
- D. Enable Amazon Inspector in each account. Run an automated workload discovery job.
Explanation
AWS Trusted Advisor’s organizational view already includes the Security Groups – Specific Ports Unrestricted check, showing every SG rule open to 0.0.0.0/0 across all member accounts - no custom code or scripts needed.