Bird
0
0

An AWS Config rule evaluates whether security groups allow unrestricted inbound SSH access. If a security group allows SSH from 0.0.0.0/0, what compliance status will AWS Config assign?

medium📝 service behavior Q5 of 15
AWS - Advanced Security
An AWS Config rule evaluates whether security groups allow unrestricted inbound SSH access. If a security group allows SSH from 0.0.0.0/0, what compliance status will AWS Config assign?
ACOMPLIANT
BNON_COMPLIANT
CNOT_APPLICABLE
DINSUFFICIENT_DATA
Step-by-Step Solution
Solution:

  1. Step 1: Understand the rule's purpose

    The rule flags security groups that allow SSH from anywhere (0.0.0.0/0) as risky and NON_COMPLIANT.

  2. Step 2: Determine compliance status

    Since the security group allows unrestricted SSH, AWS Config marks it NON_COMPLIANT.

  3. Final Answer:

    NON_COMPLIANT -> Option B

  4. Quick Check:

    Unrestricted SSH = NON_COMPLIANT [OK]
Quick Trick: Open SSH ports cause NON_COMPLIANT status [OK]
Common Mistakes:
  • Assuming open SSH is COMPLIANT
  • Confusing NOT_APPLICABLE with NON_COMPLIANT
  • Ignoring IP range in rule evaluation

Want More Practice?

15+ quiz questions · All difficulty levels · Free

Free Signup - Practice All Questions
More AWS Quizzes
Advanced Security - Secrets Manager for credentials - Quiz 10hard Advanced Security - KMS for key management - Quiz 15hard CloudFormation - Outputs for cross-stack references - Quiz 6medium CloudFormation - Outputs for cross-stack references - Quiz 1easy CloudFormation - Creating stacks - Quiz 3easy CloudFormation - Outputs for cross-stack references - Quiz 8hard CloudFormation - Parameters for customization - Quiz 4medium ECS and Fargate - Fargate serverless containers - Quiz 14medium Route 53 - Domain registration - Quiz 9hard Serverless Architecture - Cognito for user authentication - Quiz 13medium