Certified Security - Specialty

Sign Up Free or Log In to participate!

Bad Question Please fix

There is a question in section 1 that is not properly set. Must be incomplete. The answer though shows AWS Trusted Advisor analyzes your AWS environment and provides best practice recommendations. All AWS customers get access to the seven core Trusted Advisor checks to help increase the security and performance of the AWS environment, including: S3 Bucket Permissions, Security Groups – Specific Ports Unrestricted, IAM Use, MFA on Root Account, EBS Public Snapshots, RDS Public Snapshots. Further information: https://aws.amazon.com/premiumsupport/technology/trusted-advisor

Mingchin Hsieh

Yeap. The question statement: "e9b12096-9403-4d83-b9c6-5e5156ffb279". How do the test taker guess from it?


Additionally, AWS Config also shows you all SGs with 22 out to the World (If the rule is activated)

4 Answers

Hi Dan,

I have reported this to ACG for review.

Hi Dan,
   Not sure if I should laugh or cry.  That is what happens when you miss a comma and have a colon instead.

I have fixed the question in the DB, and it is waiting for a peer review and then will be merged .

Looking at your post I think you nailed it.
This is new and I would not expect it to be on the exam for at least another 9 months, however do skim read it .

Moderator & Coach


Yes – I actually had my config open on the other screen as I found out I was getitng billed for the rules I setup in the lab and teh last rule I have left is restricted-ssh "Checks whether security groups that are in use disallow unrestricted incoming SSH traffic. " The more important goal for me is to pass the exam so if the exam is expecting Trusted Advisor on a question with similar language, then I will give it what it wants.

Thank you for letting us know!


Hi Faye — This questions seems to have TWO legitimate answers. AWS Config should be included because there is managed rule which can be run to see if SSH has been enabled for security groups. This could be an indication of whether or not SSH was enabled accidentally or not.


+1 Trusted Advisor does this, but AWS Config Rules could also be used.

Is someone eventually going to fix this? ACG feels like a big fat tanker for fixing even the most minor bugs…


There is no need to be rude. What we do with this feedback is not random but prioritized based on impact. There are two engineers looking at this to decide how to address it.


It is rude to not fix it for paying customers…

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?