A security audit revealed that the security groups in a VPC have ports 22 and 3389 open to all, introducing a possible threat that instances can be stopped or configurations can be modified. A sysops administrator needs to automate remediation. What should the sysops administrator do to meet these requirements?
A) Create an IAM managed policy to deny access to ports 22 and 3389 on any security groups in a VPC.
B) Define an AWS Config rule and remediation action with AWS Systems Manager automation documents.
C) Enable AWS Trusted Advisor to remediate public port access.
D) Use AWS Systems Manager configuration compliance to remediate public port access.

Question

Quizplus · Accepted Answer

AWS Config rules can be used to monitor and evaluate the configurations of AWS resources, and remediation actions can be automated using AWS Systems Manager automation documents to address non-compliant resources, such as security groups with open ports.

A Security Audit Revealed That the Security Groups in a VPC