A company uses Amazon EC2 instances to run business-critical applications. Software that is running on the EC2 instances recently caused Amazon GuardDuty to generate the PenTest:S3/KaliLinux finding for some of the company’s environments. The company wants to prevent this software from running again. The company is using AWS Organizations to manage its AWS accounts. What should a solutions architect do to meet these requirements?

Topic #: - All AWS Certified Solutions Architect - Professional Questions

A. Configure Amazon Inspector to check the EC2 instances for the forbidden software and to send an Amazon Simple Notification Service (Amazon SNS) notification when the software is identified. Create an AWS Lambda function that stops the EC2 instances and notifies the company. Subscribe the Lambda function to the SNS topic.
B. Create a centralized Amazon EventBridge (Amazon CloudWatch Events) bus to receive GuardDuty events from all accounts. Configure an EventBridge (CloudWatch Events) rule to invoke an AWS Lambda function when the GuardDuty event is generated. Configure the Lambda function to stop the EC2 instances and notify the company.
C. Configure an SCP to prevent the software from being installed. Apply the SCP to the root OU for the organization.
D. Create a library of approved EC2 AMIs. Create a catalog in AWS Service Catalog to deploy the AMIs for the organization. Update IAM policies to allow EC2 instances to be created only with Service Catalog AMIs.

- Awsexamhub website is not related to, affiliated with, endorsed or authorized by Amazon.
- Trademarks, certification & product names are used for reference only and belong to Amazon.

Suggested Answer:

Share this post

Join the Discussion