AWS Certified SysOps Administrator SOA-C01 – Question 866

A security audit revealed that the security groups in a VPC have ports 22 and 3389 open to all, introducing a possible threat that instances can be stopped or configurations can be modified. A sysops administrator needs to automate remediation.
What should the sysops administrator do to meet these requirements?

A. Create an IAM managed policy to deny access to ports 22 and 3389 on any security groups in a VPC.
B. Define an AWS Config rule and remediation action with AWS Systems Manager automation documents.
C. Enable AWS Trusted Advisor to remediate public port access.
D. Use AWS Systems Manager configuration compliance to remediate public port access.

Correct Answer: B

Explanation: