A company is using AWS Security Hub to aggregate security alerts. They want to automatically remediate specific findings, such as open SSH ports on security groups, without manual intervention. What is the MOST operationally efficient way to do this?

Answer options:

Write a custom script on an EC2 instance that polls the Security Hub API every minute.

Use Amazon EventBridge rules to trigger an AWS Lambda function when Security Hub emits a specific finding.

Configure AWS WAF to automatically close the ports.

Use AWS Systems Manager Patch Manager to close the ports.

How to approach this question

Look for event-driven automation. EventBridge + Lambda is the standard pattern for automated remediation in AWS.

Full Answer

B.Use Amazon EventBridge rules to trigger an AWS Lambda function when Security Hub emits a specific finding.✓ Correct

Security Hub sends findings to EventBridge. You can create EventBridge rules that trigger Lambda functions or Systems Manager Automation documents to automatically remediate issues.

Common mistakes

Choosing polling mechanisms which are not operationally efficient.

Question 13 All questions Question 15

Practice the full AWS SAA-C03 Practice Exam 7

65 questions · hints · full answers · grading

More questions from this exam

Q01A company has multiple AWS accounts in an AWS Organizations organization. The security team needs...Medium Q02An application runs on Amazon EC2 instances and needs to access an Amazon S3 bucket. What is the ...Easy Q03A company wants to implement federated access to the AWS Management Console for its employees usi...Medium Q04A company is building a mobile application that requires users to sign in using their social medi...Easy Q05A security team wants to enforce MFA for all IAM users before they can terminate EC2 instances. H...Medium

View all 65 questions →