Q12 — AWS DOP-C02 Ch.1

Question 12 of 100

A company’s application development team uses Linux-based Amazon EC2 instances as bastion hosts. SSH access to bastion hosts is restricted to specific IP addresses defined in associated security groups. The security team wants to be notified if security group rules are modified to allow SSH access from any IP address.

Correct Answer: C. Create an AWS Config rule using the 'restricted-ssh' managed rule to check whether security groups permit unrestricted inbound SSH traffic. Configure automatic remediation to publish a message to an Amazon SNS topic.

Explanation

The managed rule restricted-ssh (rule identifier INCOMING_SSH_DISABLED) evaluates resources of type AWS::EC2::SecurityGroup and is triggered by configuration changes, so a security group is re-evaluated as soon as one of its rules is edited. A group is NON_COMPLIANT when an inbound rule that covers TCP port 22 has a source of 0.0.0.0/0 or ::/0, which is exactly the "SSH from any IP address" condition the security team wants to catch; groups whose SSH rules list specific CIDRs remain COMPLIANT.

AWS Config remediation actions are AWS Systems Manager Automation documents. Attaching the AWS-PublishSNSNotification document to the rule with automatic remediation enabled publishes a message to the chosen SNS topic each time a security group becomes non-compliant, which delivers the notification without any custom code. The Automation document needs an IAM role it can assume that is allowed to publish to the topic.

Caveat for practitioners: the rule reports only the two all-addresses CIDRs. A change that widens the SSH source from a /32 to a large-but-finite range (for example a /8) is not flagged, so the rule detects "any IP" exactly as the question phrases it, not every loosening of the allowed sources.

Reference: https://docs.aws.amazon.com/config/latest/developerguide/restricted-ssh.html
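The following Python is an added example, not part of the original question page and not AWS's own rule implementation. It reproduces the check that restricted-ssh applies to a security group (using the IpPermissions shape returned by DescribeSecurityGroups), runs it over a few constructed sample groups, and builds the boto3 request bodies for creating the managed rule and its automatic SNS remediation. The rule name, topic ARN and automation role ARN are assumptions; the deploy() helper is shown but not called, since it needs real AWS credentials.

```python
"""Added example: what restricted-ssh checks, and how to wire it to SNS remediation."""
from typing import Any, Dict

WORLD_CIDRS = {"0.0.0.0/0", "::/0"}  # the only sources the managed rule treats as "any IP"
SSH_PORT = 22


def perm_covers_ssh(perm: Dict[str, Any]) -> bool:
    """True if one IpPermissions entry admits TCP/22 (all-protocol rules have no port range)."""
    proto = perm.get("IpProtocol")
    if proto == "-1":
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= SSH_PORT <= perm.get("ToPort", 65535)


def perm_open_to_world(perm: Dict[str, Any]) -> bool:
    """True if the entry's IPv4 or IPv6 sources include an all-addresses CIDR."""
    sources = {r.get("CidrIp") for r in perm.get("IpRanges", [])}
    sources |= {r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])}
    return bool(sources & WORLD_CIDRS)


def evaluate_security_group(sg: Dict[str, Any]) -> str:
    """Mirror the managed rule: NON_COMPLIANT if any inbound rule allows SSH from any address."""
    for perm in sg.get("IpPermissions", []):
        if perm_covers_ssh(perm) and perm_open_to_world(perm):
            return "NON_COMPLIANT"
    return "COMPLIANT"


def _tcp(from_port: int, to_port: int, v4=(), v6=()) -> Dict[str, Any]:
    return {"IpProtocol": "tcp", "FromPort": from_port, "ToPort": to_port,
            "IpRanges": [{"CidrIp": c} for c in v4], "Ipv6Ranges": [{"CidrIpv6": c} for c in v6]}


# Constructed sample groups (not real account data).
SAMPLE_GROUPS: Dict[str, Dict[str, Any]] = {
    "bastion-restricted": {"IpPermissions": [_tcp(22, 22, v4=["203.0.113.10/32"])]},
    "bastion-opened-v4": {"IpPermissions": [_tcp(22, 22, v4=["0.0.0.0/0"])]},
    "bastion-opened-v6-range": {"IpPermissions": [_tcp(0, 1024, v6=["::/0"])]},
    "all-traffic-any": {"IpPermissions": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    "https-only-public": {"IpPermissions": [_tcp(443, 443, v4=["0.0.0.0/0"])]},
    "bastion-wide-but-finite": {"IpPermissions": [_tcp(22, 22, v4=["10.0.0.0/8"])]},  # not flagged
}


def evaluate_all() -> Dict[str, str]:
    """Compliance verdict per sample group."""
    return {name: evaluate_security_group(sg) for name, sg in SAMPLE_GROUPS.items()}


def config_rule_request(rule_name: str) -> Dict[str, Any]:
    """Body for configservice.put_config_rule(**...) using the managed rule identifier."""
    return {"ConfigRule": {
        "ConfigRuleName": rule_name,
        "Source": {"Owner": "AWS", "SourceIdentifier": "INCOMING_SSH_DISABLED"},
        "Scope": {"ComplianceResourceTypes": ["AWS::EC2::SecurityGroup"]},
    }}


def remediation_request(rule_name: str, topic_arn: str, automation_role_arn: str) -> Dict[str, Any]:
    """Body for configservice.put_remediation_configurations(**...): automatic SNS publish."""
    static = lambda v: {"StaticValue": {"Values": [v]}}  # noqa: E731
    return {"RemediationConfigurations": [{
        "ConfigRuleName": rule_name,
        "TargetType": "SSM_DOCUMENT",
        "TargetId": "AWS-PublishSNSNotification",
        "Automatic": True,
        "MaximumAutomaticAttempts": 1,   # required when Automatic is True
        "RetryAttemptSeconds": 60,
        "Parameters": {
            "AutomationAssumeRole": static(automation_role_arn),  # role must allow sns:Publish
            "TopicArn": static(topic_arn),
            "Message": static("restricted-ssh: a security group now allows SSH from any IP address"),
        },
    }]}


def deploy(config_client, rule_name="bastion-restricted-ssh",
           topic_arn="arn:aws:sns:us-east-1:123456789012:security-alerts",
           automation_role_arn="arn:aws:iam::123456789012:role/ConfigRemediationRole"):
    """Create the rule and remediation with a boto3 'config' client (ARNs above are assumed)."""
    config_client.put_config_rule(**config_rule_request(rule_name))
    config_client.put_remediation_configurations(**remediation_request(rule_name, topic_arn, automation_role_arn))


if __name__ == "__main__":
    for name, verdict in evaluate_all().items():
        print(f"{name:26s} {verdict}")
```

The "bastion-wide-but-finite" group shows the caveat from the explanation: a /8 source is a large exposure but is still COMPLIANT under this rule, so teams that need to catch any widening of the SSH source should pair restricted-ssh with their own check or a custom rule.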