AWS Certified Cloud Practitioner — Question 741

A company wants to monitor for misconfigured security groups that are allowing unrestricted access to specific ports.

Which AWS service will meet this requirement?

Answer options

• A. AWS Trusted Advisor
• B. Amazon CloudWatch
• C. Amazon Guard Duty
• D. AWS Health Dashboard

Correct answer: A

Explanation

AWS Trusted Advisor features specific security checks that inspect security group rules for unrestricted access (0.0.0.0/0) to common ports. Amazon CloudWatch, Amazon Guard Duty, and AWS Health Dashboard are designed for monitoring metrics/logs, threat detection, and service status tracking respectively, and do not perform this specific configuration check.