Q: 12
A company's application development team uses Linux-based Amazon EC2 instances as bastion
hosts. Inbound SSH access to the bastion hosts is restricted to specific IP addresses, as defined in the
associated security groups. The company's security team wants to receive a notification if the
security group rules are modified to allow SSH access from any IP address.
What should a DevOps engineer do to meet this requirement?
Options
Discussion
Option A not B. GuardDuty is a trap here since it doesn't alert on SG rule changes directly.
A
A
A is it. GuardDuty (option B) won't alert on SG changes directly, that's the trap here. EventBridge matched with CloudTrail for AuthorizeSecurityGroupIngress is the proper solution for real-time notifications about rule updates. Pretty confident but open to feedback!
A No explanation, straight to the point.
A tbh. Official guide and practice tests cover these EventBridge + CloudTrail scenarios a lot.
A since EventBridge can directly catch CloudTrail events like AuthorizeSecurityGroupIngress when rules change. That'll let you notify via SNS right when SSH is opened to the world. Seen similar Qs before, pretty sure it's A.
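Added example (not from the thread): the EventBridge event pattern that selects CloudTrail AuthorizeSecurityGroupIngress calls, plus a Lambda-side check that the new rule really opens TCP/22 to 0.0.0.0/0 or ::/0, since the event pattern alone cannot inspect the port range. The sample event and the security group ID are constructed; the SNS publish is left to the rule's target.

```python
WORLD_CIDRS = {"0.0.0.0/0", "::/0"}

# EventBridge rule pattern that forwards only the relevant CloudTrail API calls
# (assumption: the rule's target is a Lambda running ssh_opened_to_world).
EVENT_PATTERN = {
    "source": ["aws.ec2"],
    "detail-type": ["AWS API Call via CloudTrail"],
    "detail": {"eventName": ["AuthorizeSecurityGroupIngress"]},
}

def _covers_ssh(perm):
    """True if one ipPermissions entry includes TCP/22 (or all traffic, -1)."""
    proto = str(perm.get("ipProtocol", ""))
    if proto == "-1":
        return True
    if proto != "tcp":
        return False
    return perm.get("fromPort", 0) <= 22 <= perm.get("toPort", 65535)

def ssh_opened_to_world(event):
    """Return [(groupId, cidr), ...] for each world-open SSH range; [] if none."""
    detail = event.get("detail", {})
    if detail.get("eventName") != "AuthorizeSecurityGroupIngress":
        return []
    params = detail.get("requestParameters", {})
    group = params.get("groupId", "unknown")
    hits = []
    # CloudTrail logs EC2 request parameters as {"items": [...]} wrappers.
    for perm in params.get("ipPermissions", {}).get("items", []):
        if not _covers_ssh(perm):
            continue
        ranges = (perm.get("ipRanges", {}).get("items", [])
                  + perm.get("ipv6Ranges", {}).get("items", []))
        for rng in ranges:
            cidr = rng.get("cidrIp") or rng.get("cidrIpv6")
            if cidr in WORLD_CIDRS:
                hits.append((group, cidr))
    return hits

# Constructed sample in the shape EventBridge delivers CloudTrail API-call events.
SAMPLE_EVENT = {
    "source": "aws.ec2", "detail-type": "AWS API Call via CloudTrail",
    "detail": {"eventName": "AuthorizeSecurityGroupIngress",
               "requestParameters": {"groupId": "sg-0123456789abcdef0",
                   "ipPermissions": {"items": [{"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
                       "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}, "ipv6Ranges": {}}]}}},
}

if __name__ == "__main__":
    print(ssh_opened_to_world(SAMPLE_EVENT))  # [('sg-0123456789abcdef0', '0.0.0.0/0')]
```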