
SOA-C02: What should SysOps do to view list of security groups that are open to internet on port 3389


Question

A company needs to view a list of security groups that are open to the internet on port 3389. What should a SysOps administrator do to meet this requirement?

A. Configure Amazon GuardDuty to scan security groups and report unrestricted access on port 3389.
B. Configure a service control policy (SCP) to identify security groups that allow unrestricted access on port 3389.
C. Use AWS Identity and Access Management Access Analyzer to find any instances that have unrestricted access on port 3389.
D. Use AWS Trusted Advisor to find security groups that allow unrestricted access on port 3389.

Answer

D. Use AWS Trusted Advisor to find security groups that allow unrestricted access on port 3389.

Explanation

The correct answer to the question is D. Use AWS Trusted Advisor to find security groups that allow unrestricted access on port 3389.

Port 3389 is the default port for Remote Desktop Protocol (RDP), which is a protocol that allows users to remotely access and control Windows-based computers. RDP can be useful for administration, troubleshooting, or remote work, but it can also pose a security risk if it is exposed to the internet. Attackers can exploit RDP vulnerabilities or brute-force RDP credentials to gain unauthorized access to the instances that are associated with the security groups.

To view a list of security groups that are open to the internet on port 3389, a SysOps administrator can use AWS Trusted Advisor. AWS Trusted Advisor is a service that provides recommendations and best practices for optimizing the AWS account in terms of cost, performance, security, fault tolerance, and service limits. One of the security checks that Trusted Advisor performs is to identify security groups that allow unrestricted access on specific ports, such as port 3389.

To use Trusted Advisor to find security groups that allow unrestricted access on port 3389, the SysOps administrator can follow these steps:

  • Open the AWS Management Console and go to the Trusted Advisor service.
  • In the navigation pane, click on Security.
  • In the Security Checks section, click on Security Groups – Specific Ports Unrestricted.
  • In the results table, look for any security groups that have port 3389 in the Port column and 0.0.0.0/0 or ::/0 in the Source column. These are the security groups that are open to the internet on port 3389.
  • Click on each security group to view more details, such as the region, VPC ID, instance ID, and instance name.

The SysOps administrator can also download the results as a CSV file, or refresh them by clicking the Refresh button.
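The same audit done programmatically, as an added example that is not part of the original Q&A: it takes the security group list in the shape the EC2 DescribeSecurityGroups API returns (in practice obtained with boto3's `describe_security_groups()`) and reports every group whose inbound rules admit TCP 3389 from 0.0.0.0/0 or ::/0, including port ranges that merely contain 3389 and "all traffic" rules. The sample groups and their ids are constructed.

```python
# Added example (not the Q&A's code): audit security groups for inbound rules that expose
# TCP 3389 (RDP) to 0.0.0.0/0 or ::/0. Input is the "SecurityGroups" list as returned by the
# EC2 DescribeSecurityGroups API (boto3: client("ec2").describe_security_groups()).
RDP_PORT = 3389
ANYWHERE = {"0.0.0.0/0", "::/0"}

def rule_covers_port(rule, port):
    """True if one IpPermissions entry admits TCP traffic on `port`."""
    proto = rule.get("IpProtocol")
    if proto == "-1":            # all traffic: no FromPort/ToPort keys
        return True
    if proto not in ("tcp", "6"):
        return False
    lo, hi = rule.get("FromPort"), rule.get("ToPort")
    return lo is not None and hi is not None and lo <= port <= hi

def open_sources(rule):
    """Internet-wide CIDRs (IPv4 or IPv6) listed as the rule's source."""
    cidrs = {r.get("CidrIp") for r in rule.get("IpRanges", [])}
    cidrs |= {r.get("CidrIpv6") for r in rule.get("Ipv6Ranges", [])}
    return cidrs & ANYWHERE

def find_open_groups(security_groups, port=RDP_PORT):
    """Return [(GroupId, GroupName, sorted offending CIDRs)] for groups exposing `port`."""
    findings = []
    for sg in security_groups:
        hits = set()
        for rule in sg.get("IpPermissions", []):
            if rule_covers_port(rule, port):
                hits |= open_sources(rule)
        if hits:
            findings.append((sg["GroupId"], sg["GroupName"], sorted(hits)))
    return findings

SAMPLE_GROUPS = [  # constructed data; group ids are placeholders
    {"GroupId": "sg-0aaa", "GroupName": "rdp-open", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-0bbb", "GroupName": "rdp-office", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389, "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}]},
    {"GroupId": "sg-0ccc", "GroupName": "wide-range-v6", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3000, "ToPort": 4000, "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-0ddd", "GroupName": "all-traffic", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
]

if __name__ == "__main__":
    for gid, name, cidrs in find_open_groups(SAMPLE_GROUPS):
        print(f"{gid} ({name}) exposes TCP/{RDP_PORT} to {', '.join(cidrs)}")
```

Only `sg-0bbb`, which limits RDP to a single office prefix, is left out of the findings; the other three are what the Trusted Advisor check above would surface as open to the internet.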

Therefore, option D is correct. Options A, B, and C are incorrect because none of them is an effective or relevant way to find security groups that allow unrestricted access on port 3389:

  • Option A configures Amazon GuardDuty to scan security groups and report unrestricted access on port 3389. GuardDuty is a threat detection service that monitors network activity and API calls for malicious or unauthorized behavior; it is not a configuration audit service that checks security group settings.
  • Option B configures a service control policy (SCP) to identify security groups that allow unrestricted access on port 3389. SCPs define the maximum permissions available to AWS Organizations members in a hierarchy of organizational units (OUs); they do not audit existing security group rules.
  • Option C uses AWS Identity and Access Management Access Analyzer to find instances that have unrestricted access on port 3389. Access Analyzer analyzes resource policies and reports resources that are shared with an external entity; it does not analyze security group rules or report instances that are exposed to the internet.
