
AWS Certified SysOps Administrator Associate: Automating SSH Port Closure with AWS Config and Systems Manager

Learn how to use AWS Config and Systems Manager to automatically detect security groups that expose SSH to the internet and revoke the offending rule, keeping EC2 instances secure and compliant.


Question

A company wants to monitor the security groups of its Amazon EC2 instances to ensure that SSH is not open to the public. If the port is opened, the company needs to close the port as soon as possible.

Which combination of actions should a SysOps administrator take to meet these requirements? (Choose two.)

A. Add an Amazon CloudWatch alarm to detect the security groups that allow SSH.
B. Add an AWS Config rule to detect the security groups that allow SSH.
C. Add an assessment template to Amazon Inspector to detect the security groups that allow SSH.
D. Call an AWS Systems Manager Automation runbook to close the port.
E. Call AWS Systems Manager Run Command to close the port.

Answer

B. Add an AWS Config rule to detect the security groups that allow SSH.
D. Call an AWS Systems Manager Automation runbook to close the port.

Explanation

Option B: AWS Config evaluates every security group against the managed rule restricted-ssh (source identifier INCOMING_SSH_DISABLED), which marks a group NON_COMPLIANT when an inbound rule allows TCP port 22 from 0.0.0.0/0 or ::/0. Because the rule is evaluated on configuration change, a newly opened port is flagged shortly after Config records the change, and the rule can be wired to an alert (via EventBridge and SNS) or directly to an automatic remediation action. One caveat: the managed rule only flags those two any-address CIDRs, so a rule open to a very broad but non-zero range such as 0.0.0.0/1 is reported COMPLIANT; if that matters, a custom Lambda-backed rule is needed.

Option D: AWS Config remediation actions are Systems Manager Automation runbooks. The managed runbook AWS-DisablePublicAccessForSecurityGroup revokes the inbound rules that allow SSH (22) and RDP (3389) from 0.0.0.0/0 on the security group passed in as GroupId; the remediation configuration forwards the non-compliant group's ID (RESOURCE_ID) and an AutomationAssumeRole. Note that the runbook changes the security group rule, not anything inside the instance's operating system, and with automatic remediation enabled the port is closed without an operator in the loop.
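As an added example (not from the original page and not AWS's own code), the Python below reproduces the check restricted-ssh performs and builds the narrow revocation a remediation should issue, against a constructed security group record shaped like the output of DescribeSecurityGroups. It also returns the argument that PutRemediationConfigurations takes to wire the rule to the managed runbook. The group ID and IAM role ARN are placeholders, and the sample rules are constructed for the demonstration.

```python
"""Added example (not the original page's or AWS's code): the check the managed
AWS Config rule restricted-ssh performs and the narrow revocation a remediation
should issue, run over a constructed DescribeSecurityGroups-shaped record."""
import copy

PUBLIC_V4, PUBLIC_V6, SSH_PORT = "0.0.0.0/0", "::/0", 22

# Constructed sample, not real account data; the group ID is a placeholder.
SAMPLE_SECURITY_GROUP = {
    "GroupId": "sg-0123456789abcdef0",
    "IpPermissions": [
        # SSH from the world AND from a private bastion range on the same rule
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": PUBLIC_V4}, {"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []},
        # public HTTPS: not SSH, must be left alone
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": PUBLIC_V4}], "Ipv6Ranges": [{"CidrIpv6": PUBLIC_V6}]},
        # "all traffic" from any IPv6 address implicitly opens 22
        {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": PUBLIC_V6}]},
        # a port range that includes 22 but only from one network: compliant
        {"IpProtocol": "tcp", "FromPort": 20, "ToPort": 25,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []},
    ],
}


def covers_ssh(perm):
    """True if the permission includes TCP/22; protocol -1 means all traffic."""
    if perm["IpProtocol"] == "-1":
        return True
    if perm["IpProtocol"] != "tcp":
        return False
    return perm.get("FromPort", -1) <= SSH_PORT <= perm.get("ToPort", -1)


def public_ssh_permissions(sg):
    """IpPermissions entries for RevokeSecurityGroupIngress that remove only the
    0.0.0.0/0 and ::/0 sources of rules covering SSH, keeping private sources."""
    revocations = []
    for perm in sg["IpPermissions"]:
        if not covers_ssh(perm):
            continue
        v4 = [r for r in perm.get("IpRanges", []) if r["CidrIp"] == PUBLIC_V4]
        v6 = [r for r in perm.get("Ipv6Ranges", []) if r["CidrIpv6"] == PUBLIC_V6]
        if not (v4 or v6):
            continue
        entry = {k: perm[k] for k in ("IpProtocol", "FromPort", "ToPort") if k in perm}
        if v4:
            entry["IpRanges"] = [{"CidrIp": PUBLIC_V4}]
        if v6:
            entry["Ipv6Ranges"] = [{"CidrIpv6": PUBLIC_V6}]
        revocations.append(entry)
    return revocations


def evaluate_security_group(sg):
    """Compliance type in the vocabulary AWS Config reports for restricted-ssh."""
    return "NON_COMPLIANT" if public_ssh_permissions(sg) else "COMPLIANT"


def apply_revocations(sg, revocations):
    """Simulate RevokeSecurityGroupIngress on a copy (CIDR sources only; prefix
    lists and security-group references are not modelled here)."""
    result = copy.deepcopy(sg)
    for perm in result["IpPermissions"]:
        for rev in revocations:
            if any(perm.get(k) != rev.get(k) for k in ("IpProtocol", "FromPort", "ToPort")):
                continue
            drop_v4 = {r["CidrIp"] for r in rev.get("IpRanges", [])}
            drop_v6 = {r["CidrIpv6"] for r in rev.get("Ipv6Ranges", [])}
            perm["IpRanges"] = [r for r in perm.get("IpRanges", []) if r["CidrIp"] not in drop_v4]
            perm["Ipv6Ranges"] = [r for r in perm.get("Ipv6Ranges", []) if r["CidrIpv6"] not in drop_v6]
    # EC2 drops a rule once its last source is gone; mirror that here.
    result["IpPermissions"] = [p for p in result["IpPermissions"] if p["IpRanges"] or p["Ipv6Ranges"]]
    return result


def remediation_configuration(automation_role_arn):
    """Element for configservice PutRemediationConfigurations wiring the rule to
    the managed runbook. Config accepts only SSM Automation documents as targets;
    RESOURCE_ID forwards the non-compliant group's ID. The role ARN is supplied
    by the caller (a placeholder in this example)."""
    return {
        "ConfigRuleName": "restricted-ssh",
        "TargetType": "SSM_DOCUMENT",
        "TargetId": "AWS-DisablePublicAccessForSecurityGroup",
        "Parameters": {
            "GroupId": {"ResourceValue": {"Value": "RESOURCE_ID"}},
            "AutomationAssumeRole": {"StaticValue": {"Values": [automation_role_arn]}},
        },
        "Automatic": True,
        "MaximumAutomaticAttempts": 5,
        "RetryAttemptSeconds": 60,
    }


if __name__ == "__main__":
    before = evaluate_security_group(SAMPLE_SECURITY_GROUP)
    revocations = public_ssh_permissions(SAMPLE_SECURITY_GROUP)
    after = evaluate_security_group(apply_revocations(SAMPLE_SECURITY_GROUP, revocations))
    print(f"before={before} revoke={revocations} after={after}")
```

Run it directly and the sample group goes from NON_COMPLIANT to COMPLIANT while the 10.0.0.0/8 bastion source on the SSH rule survives, which is the behaviour to insist on: revoke the public source, not the whole rule. In the account the same two pieces are `aws configservice put-config-rule` with source identifier INCOMING_SSH_DISABLED scoped to AWS::EC2::SecurityGroup, and `aws configservice put-remediation-configurations` with the dictionary returned above; the role named in AutomationAssumeRole must be assumable by ssm.amazonaws.com and allowed to describe and revoke security group ingress rules.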

Option A (an Amazon CloudWatch alarm) does not fit: alarms evaluate metrics, and there is no metric that describes the contents of a security group. You could derive one from CloudTrail AuthorizeSecurityGroupIngress events, but that still would not close the port and adds nothing over Config's change-triggered evaluation.

Option C (an Amazon Inspector assessment template) is not relevant: assessment templates run scheduled assessments of instance vulnerabilities and network reachability. They are not a continuous, change-triggered check of security group configuration and have no remediation hook, so an exposed port could stay open until the next assessment run.

Option E (AWS Systems Manager Run Command) does not fit: Run Command executes commands inside the instance's operating system, such as a shell or PowerShell script. Closing the port in the security group is an EC2 API change, not a host change, and AWS Config cannot invoke Run Command as a remediation action; it accepts only SSM Automation documents. Blocking port 22 in the host firewall would also leave the security group itself non-compliant.
