SCS-C02 Domain 4: Infrastructure Security

An audit found gaps: the organization must secure EKS API endpoint. Which option addresses this? secure EKS API endpoint.

Multiple choice — select one answer

Answer choices

  1. a. 0.0.0.0/0 public API
  2. b. AWS WAF managed rule groups
  3. c. Private endpoint and restricted public access CIDRs
  4. d. SSM State Manager for host firewall rules

Architectural breakdown & explanation

Restrict Kubernetes API exposure.

Correct answer(s): c. Private endpoint and restricted public access CIDRs

Exam domain: Domain 4: Infrastructure Security (17% weight on the official guide).

Official documentation & study links

Practice this certification

This page is one question from the AWS Certified Security – Specialty bank. Run a full timed practice exam with domain-weighted random questions in your browser.