For compliance reasons, a Security Engineer must produce a weekly report that lists any instance that does not have the latest approved patches applied. The Engineer must also ensure that no system goes more than 30 days without the latest approved updates being applied. What would be the MOST efficient way to achieve these goals?

Topic #: - All AWS Certified Security - Specialty Questions

A. Use Amazon Inspector to determine which systems do not have the latest patches applied, and after 30 days, redeploy those instances with the latest AMI version.
B. Configure Amazon EC2 Systems Manager to report on instance patch compliance, and enforce updates during the defined maintenance windows. Most Voted
C. Examine AWS CloudTrail logs to determine whether any instances have not restarted in the last 30 days, and redeploy those instances.
D. Update the AMIs with the latest approved patches, and redeploy each instance during the defined maintenance window.

- Awsexamhub website is not related to, affiliated with, endorsed or authorized by Amazon.
- Trademarks, certification & product names are used for reference only and belong to Amazon.

Suggested Answer:

Share this post

Join the Discussion