A Security Engineer discovers that developers have been adding rules to security groups that allow SSH and RDP traffic from 0.0.0.0/0 instead of the organization's firewall IP. What is the most efficient way to remediate the risk of this activity?
A) Delete the internet gateway associated with the VPC.
B) Use network access control lists to block source IP addresses matching 0.0.0.0/0.
C) Use a host-based firewall to prevent access from all but the organization's firewall IP.
D) Use AWS Config rules to detect 0.0.0.0/0 and invoke an AWS Lambda function to update the security group with the organization's firewall IP.
Correct Answer:
Verified