AWS Certified SysOps Administrator – Associate (SOA-C03) — Question 14
A company hosts an FTP server on Amazon EC2 instances. In the company’s AWS environment, AWS Security Hub sends findings for the EC2 instances to Amazon EventBridge because the FTP port has become publicly exposed in the security groups that are attached to the instances.
A CloudOps engineer wants an automated solution to remediate the Security Hub finding and any similar exposed port findings. The CloudOps engineer wants to use an event-driven approach.
Which solution will meet these requirements?
Answer options
- A. Configure the existing EventBridge event to stop the EC2 instances that have the exposed port.
- B. Create a cron job for the FTP server to invoke an AWS Lambda function. Configure the Lambda function to modify the security group of the identified EC2 instances and to remove the instances that allow public access.
- C. Create a cron job for the FTP server that invokes an AWS Lambda function. Configure the Lambda function to modify the server to use SFTP instead of FTP.
- D. Configure the existing EventBridge event to invoke an AWS Lambda function. Configure the function to remove the security group rule that allows public access.
Correct answer: D
Explanation
The correct answer is D. Security Hub is already emitting the finding to EventBridge, so the event-driven remediation is to attach a target to that rule: an AWS Lambda function that reads the finding, locates the security groups on the affected instances, and revokes only the ingress rule that opens the port to 0.0.0.0/0 or ::/0. Because the function acts on whatever port and resource the finding names, the same rule and function also handle future "exposed port" findings, which is what the engineer asked for. Option A stops the instances, which takes the FTP service down but leaves the permissive rule in the security group, so the exposure returns as soon as the instances start again. Option B does fix the security group, but a cron job on the FTP server is a schedule, not an event-driven trigger, and it runs on the very host that is exposed; the option also speaks of removing instances rather than rules. Option C switches the server to SFTP, which changes the protocol but leaves the public ingress rule in place and again relies on cron rather than the existing EventBridge event. A practical caveat for the Lambda in D: give its role only ec2:DescribeInstances, ec2:DescribeSecurityGroups and ec2:RevokeSecurityGroupIngress, and revoke the world-open CIDR for the exposed port only, leaving narrower ranges on the same port intact.
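The following is an added example of the Lambda function that option D describes; it is not part of the exam page or any AWS sample. It assumes an EventBridge rule on the "Security Hub Findings - Imported" event type invokes it, that the Lambda role holds ec2:DescribeInstances, ec2:DescribeSecurityGroups and ec2:RevokeSecurityGroupIngress, and that TCP port 21 (the FTP control port) is the restricted port. The sample event and security group rules embedded below are constructed for illustration. The remediation logic is kept in pure functions so it can be exercised without AWS credentials; only the handler touches boto3.

```python
"""Event-driven remediation of a Security Hub exposed-port finding (added example)."""
from typing import Dict, List

# Assumption: these CIDRs count as "public"; any other range is left alone.
OPEN_TO_WORLD = {"0.0.0.0/0", "::/0"}
# Assumption: ports the company never allows to be public (FTP control port).
RESTRICTED_PORTS = {21}


def instance_ids_from_event(event: dict) -> List[str]:
    """Extract EC2 instance IDs from the ASFF findings carried in the EventBridge event.
    Resource IDs arrive as ARNs: arn:aws:ec2:<region>:<account>:instance/<instance-id>."""
    ids = []
    for finding in event.get("detail", {}).get("findings", []):
        for resource in finding.get("Resources", []):
            if resource.get("Type") == "AwsEc2Instance":
                ids.append(resource["Id"].rsplit("/", 1)[-1])
    return ids


def public_permissions_to_revoke(ip_permissions: List[dict]) -> List[dict]:
    """Given a security group's IpPermissions (DescribeSecurityGroups shape), return the
    minimal IpPermissions list to pass to RevokeSecurityGroupIngress: only world-open
    ranges on rules that cover a restricted port. Narrow ranges and other ports stay."""
    revoke = []
    for perm in ip_permissions:
        proto = perm.get("IpProtocol")
        from_port, to_port = perm.get("FromPort"), perm.get("ToPort")
        # "-1" is "all traffic" and therefore always covers the restricted port.
        covers_restricted = proto == "-1" or (
            proto in ("tcp", "6")
            and from_port is not None
            and any(from_port <= p <= to_port for p in RESTRICTED_PORTS)
        )
        if not covers_restricted:
            continue
        v4 = [r["CidrIp"] for r in perm.get("IpRanges", []) if r.get("CidrIp") in OPEN_TO_WORLD]
        v6 = [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", []) if r.get("CidrIpv6") in OPEN_TO_WORLD]
        if not (v4 or v6):
            continue
        entry: Dict = {"IpProtocol": proto}
        if proto != "-1":
            entry["FromPort"], entry["ToPort"] = from_port, to_port
        if v4:
            entry["IpRanges"] = [{"CidrIp": c} for c in v4]
        if v6:
            entry["Ipv6Ranges"] = [{"CidrIpv6": c} for c in v6]
        revoke.append(entry)
    return revoke


def lambda_handler(event, context):
    """EventBridge target: revoke public ingress on the restricted port for every
    security group attached to the instances named in the finding."""
    import boto3  # imported here so the pure helpers above run without boto3 installed

    ec2 = boto3.client("ec2")
    instance_ids = instance_ids_from_event(event)
    if not instance_ids:
        return {"revoked": {}}
    group_ids = set()
    for reservation in ec2.describe_instances(InstanceIds=instance_ids)["Reservations"]:
        for inst in reservation["Instances"]:
            group_ids.update(sg["GroupId"] for sg in inst.get("SecurityGroups", []))
    revoked = {}
    for sg in ec2.describe_security_groups(GroupIds=sorted(group_ids))["SecurityGroups"]:
        to_revoke = public_permissions_to_revoke(sg.get("IpPermissions", []))
        if to_revoke:
            ec2.revoke_security_group_ingress(GroupId=sg["GroupId"], IpPermissions=to_revoke)
            revoked[sg["GroupId"]] = to_revoke
    return {"revoked": revoked}


# Constructed sample EventBridge event (ASFF finding trimmed to the fields used above).
SAMPLE_EVENT = {
    "source": "aws.securityhub",
    "detail-type": "Security Hub Findings - Imported",
    "detail": {"findings": [{
        "Title": "EC2 instance exposes FTP port to the internet",
        "Resources": [{"Type": "AwsEc2Instance",
                       "Id": "arn:aws:ec2:us-east-1:111122223333:instance/i-0123456789abcdef0"}],
    }]},
}

# Constructed sample security group rules: public FTP (revoke), internal FTP (keep),
# public SSH (not restricted here, keep), and an IPv6 range spanning port 21 (revoke).
SAMPLE_SG_PERMISSIONS = [
    {"IpProtocol": "tcp", "FromPort": 21, "ToPort": 21,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}, {"CidrIp": "10.0.0.0/8"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 20, "ToPort": 21, "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
]

if __name__ == "__main__":
    print(instance_ids_from_event(SAMPLE_EVENT))
    print(public_permissions_to_revoke(SAMPLE_SG_PERMISSIONS))
```

Running the module directly exercises the two pure helpers against the constructed samples. Note that the function revokes the 0.0.0.0/0 entry on port 21 while leaving the 10.0.0.0/8 entry on the same port, which is the behaviour a remediation should have; deleting the whole rule or the whole group would break legitimate internal access and is a common mistake in quick fixes.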