AWS Certified SysOps Administrator – Associate — Question 252
A company wants to monitor the security groups of its Amazon EC2 instances to ensure that SSH is not open to the public. If the port is opened, the company needs to close the port as soon as possible.
Which combination of actions should a SysOps administrator take to meet these requirements? (Choose two.)
Answer options
- A. Add an Amazon CloudWatch alarm to detect the security groups that allow SSH.
- B. Add an AWS Config rule to detect the security groups that allow SSH.
- C. Add an assessment template to Amazon Inspector to detect the security groups that allow SSH.
- D. Call an AWS Systems Manager Automation runbook to close the port.
- E. Call AWS Systems Manager Run Command to close the port.
Correct answer: B, D
Explanation
Option B is correct because an AWS Config rule monitors security groups for SSH access, ensuring compliance with security standards. Option D is also correct because it provides an automated process to close the port when it is found to be open. Options A and C do not directly address closing the port, while option E does not use an Automation runbook, which is a more structured approach for this situation.