AWS Certified Cloud Practitioner — Question 344

A user wants to identify any security group that is allowing unrestricted incoming SSH traffic.

Which AWS service can be used to accomplish this goal?

Answer options

• A. Amazon Cognito
• B. AWS Shield
• C. Amazon Macie
• D. AWS Trusted Advisor

Correct answer: D

Explanation

AWS Trusted Advisor provides a security check that specifically identifies security groups that allow unrestricted incoming traffic on specific ports, including SSH (port 22). Amazon Macie is designed for discovering and protecting sensitive data, AWS Shield provides DDoS protection, and Amazon Cognito handles user authentication, meaning none of these services can perform security group configuration audits.