ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified SysOps Administrator - Associate All Questions

View all questions & answers for the AWS Certified SysOps Administrator - Associate exam
Go to Exam

Exam AWS Certified SysOps Administrator - Associate topic 1 question 73 discussion

Exam question from Amazon's AWS Certified SysOps Administrator - Associate
Question #: 73
Topic #: 1
[All AWS Certified SysOps Administrator - Associate Questions]

A company wants to create an automated solution for all accounts managed by AWS Organizations to detect any security groups that use 0.0.0.0/0 as the source address for inbound traffic. The company also wants to automatically remediate any noncompliant security groups by restricting access to a specific CIDR block that corresponds with the company's intranet.
Which set of actions should the SysOps administrator take to create a solution?

  • A. Create an AWS Config rule to detect noncompliant security groups. Set up automatic remediation to change the 0.0.0.0/0 source address to the approved CIDR block.
  • B. Create an IAM policy to deny the creation of security groups that have 0.0.0.0/0 as the source address. Attach this IAM policy to every user in the company.
  • C. Create an AWS Lambda function to inspect new and existing security groups. Check for a noncompliant 0.0.0.0/0 source address and change the source address to the approved CIDR block.
  • D. Create a service control policy (SCP) for the organizational unit (OU) to deny the creation of security groups that have the 0.0.0.0/0 source address. Set up automatic remediation to change the 0.0.0.0/0 source address to the approved CIDR block.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by Rick365 at Aug. 31, 2022, 12:25 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
jipark
Highly Voted 10 months, 3 weeks ago
Selected Answer: A
why A : AWS Config Rule: AWS Config rule that checks for security groups why not D : SCPs are more suited for controlling access to AWS services and actions, not for specific security group configuration checks
upvoted 7 times
Mangesh_XI_mumbai
6 months, 3 weeks ago
A is correct, related to SCPs and configuring them are not taught in SOA exam only theory is covered.
upvoted 1 times
...
...
Nrn143
Most Recent 1 year ago
A is the correct answer
upvoted 1 times
...
gcmrjbr
1 year, 3 months ago
A. https://docs.aws.amazon.com/config/latest/developerguide/vpc-sg-open-only-to-authorized-ports.html
upvoted 2 times
...
michaldavid
1 year, 6 months ago
Selected Answer: A
aaaaaa
upvoted 3 times
...
Liongeek
1 year, 7 months ago
Ans: A
upvoted 2 times
...
Surferbolt
1 year, 8 months ago
Selected Answer: A
A. It's a job for Config.
upvoted 3 times
...
Rick365
1 year, 10 months ago
Selected Answer: A
A. Create an AWS Config rule to detect noncompliant security groups. Set up automatic remediation to change the 0.0.0.0/0 source address to the approved CIDR block?
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel