Refer to the exhibit. A company uses this CloudFormation template. What security best practice is being violated?
Allowing SSH from 0.0.0.0/0 is a security risk.
Why this answer
Option C is correct because the security group allows SSH from anywhere (0.0.0.0/0), which is a security risk. Option A is wrong because the instance type is not inherently a security issue. Option B is wrong because the AMI ID is not necessarily a vulnerability.
Option D is wrong because there is no encryption setting; the EBS volume has Encrypted: false, which is a best practice violation, but the most critical is the open SSH.