A company runs applications on Amazon EC2 instances.

Vendor: Amazon Web Services
Product: SOA-C03
Update on: Jun 13, 2026
Questions: 219

Amazon Web Services SOA-C03 Question Answer

A company runs applications on Amazon EC2 instances. The company wants to ensure that SSH ports on the EC2 instances are never open. The company has enabled AWS Config and has set up the restricted-ssh AWS managed rule.

A CloudOps engineer must implement a solution to remediate SSH port access for noncompliant security groups.

What should the engineer do to meet this requirement with the MOST operational efficiency?

Configure the AWS Config rule to identify noncompliant security groups. Configure the rule to use the AWS-PublishSNSNotification AWS Systems Manager Automation runbook to send notifications about noncompliant resources.

Configure the AWS Config rule to identify noncompliant security groups. Configure the rule to use the AWS-DisableIncomingSSHOnPort22 AWS Systems Manager Automation runbook to remediate noncompliant resources.

Make an AWS Config API call to search for noncompliant security groups. Disable SSH access for noncompliant security groups by using a Deny rule.

Configure the AWS Config rule to identify noncompliant security groups. Manually update each noncompliant security group to remove the Allow rule.