Topic 1 Question 352
2 つ選択A company wants to monitor the security groups of its Amazon EC2 instances to ensure that SSH is not open to the public. If the port is opened, the company needs to close the port as soon as possible.
Which combination of actions should a SysOps administrator take to meet these requirements?
Add an Amazon CloudWatch alarm to detect the security groups that allow SSH.
Add an AWS Config rule to detect the security groups that allow SSH.
Add an assessment template to Amazon Inspector to detect the security groups that allow SSH.
Call an AWS Systems Manager Automation runbook to close the port.
Call AWS Systems Manager Run Command to close the port.
ユーザの投票
コメント(9)
- 正解だと思う選択肢: BD
Add an AWS Config rule to detect the security groups that allow SSH. By creating a custom AWS Config rule, you can define the desired configuration that checks if SSH ports are open in security groups. This rule will evaluate the current state of the security groups and report any violations.
Call an AWS Systems Manager Automation runbook to close the port. Set up an AWS Systems Manager Automation runbook that can be triggered when a violation is detected by the AWS Config rule. The runbook should include the necessary steps to close the SSH port in the affected security groups, ensuring that the port is no longer accessible to the public.
👍 7Pete9872023/06/30 - 正解だと思う選択肢: BD
It's B and D
👍 3jas26says2023/06/23 - 正解だと思う選択肢: BD
B and D
👍 2TQM__9MD2023/07/01
シャッフルモード