AWS Certified Security – Specialty — Question 49

A Security Engineer discovers that developers have been adding rules to security groups that allow SSH and RDP traffic from 0.0.0.0/0 instead of the organization firewall IP.
What is the most efficient way to remediate the risk of this activity?

Answer options

• A. Delete the internet gateway associated with the VPC.
• B. Use network access control lists to block source IP addresses matching 0.0.0.0/0.
• C. Use a host-based firewall to prevent access from all but the organization's firewall IP.
• D. Use AWS Config rules to detect 0.0.0.0/0 and invoke an AWS Lambda function to update the security group with the organization's firewall IP.

Correct answer: D

Explanation

The correct answer is D because AWS Config can continuously monitor the security groups and enforce compliance by automatically updating them to the organization's firewall IP. Options A and B are less efficient as they either remove necessary access or do not provide a dynamic solution. Option C is not optimal because it requires manual configuration on each host, which isn't scalable.