Q76 — AWS ANS-C01 Ch.1


A company is hosting an application on Amazon EC2 instances behind an Application Load Balancer. The instances are in an Amazon EC2 Auto Scaling group. Because of a recent change to a security group, external users cannot access the application. A network engineer needs to prevent this downtime from happening again. The network engineer must implement a solution that remediates noncompliant changes to security groups. Which solution will meet these requirements?

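Correct Answer: D. Configure an AWS Config rule to detect inconsistencies between the desired security group configuration and the current security group configuration. Create an AWS Systems Manager Automation runbook to remediate noncompliant security groups.

Explanation

To prevent service interruptions caused by inconsistent security group configuration, you need a mechanism that detects inconsistencies between the current security group configuration and the expected configuration, and that automatically remediates them. AWS Config provides the ability to inspect, assess, and audit the configuration of AWS resources, and it can detect whether a security group configuration has drifted from a predefined or desired state. AWS Systems Manager Automation provides the ability to automate remediation tasks, and it can automatically correct noncompliant security group configurations. Combining an AWS Config rule to detect inconsistencies with AWS Systems Manager Automation to remediate noncompliant security groups is therefore the solution that meets the requirements of the question. Option D is the correct answer.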