🔥 3-day streak
AWS Certified SysOps Administrator - Associate89 / 150
Question 89 of 150

A SysOps administrator must automatically remediate any security group that is modified to allow unrestricted inbound SSH access (0.0.0.0/0 on port 22). The remediation must remove the offending rule within seconds of the change, without requiring manual intervention or scheduled scans. AWS Config is already recording configuration changes in the account. Which approach meets these requirements with the LEAST operational overhead?

Reviewed for accuracy · Report an issueNext question