🔥 3-day streak
AWS Certified DevOps Engineer - Professional166 / 204
Question 166 of 204
A security team requires that any security group that is modified to allow unrestricted inbound access (0.0.0.0/0) on port 22 be automatically remediated within seconds. All API activity is recorded by an organization CloudTrail trail delivered to a central logging account, and each member account also has AWS Config enabled with the restricted-ssh managed rule. The DevOps engineer must implement near-real-time auto-remediation within each member account with the least custom code and the fastest response. Which approach meets these requirements?
Reviewed for accuracy · Report an issueNext question