For compliance reasons, a Security Engineer must produce a weekly report that lists any instance that does not have the latest approved patches applied. The
Engineer must also ensure that no system goes more than 30 days without the latest approved updates being applied.
What would be the MOST efficient way to achieve these goals?

A. Use Amazon Inspector to determine which systems do not have the latest patches applied, and after 30 days, redeploy those instances with the latest AMI version.

B. Configure Amazon EC2 Systems Manager to report on instance patch compliance, and enforce updates during the defined maintenance windows.

C. Examine AWS CloudTrail logs to determine whether any instances have not restarted in the last 30 days, and redeploy those instances.

D. Update the AMIs with the latest approved patches, and redeploy each instance during the defined maintenance window.








 

Suggested Answer: D

Community Answer: B




This question is in SCS-C01 AWS Certified Security – Specialty Exam
For getting AWS Certified Security – Specialty Certificate


Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by Amazon.
Trademarks, certification & product names are used for reference only and belong to Amazon.
The website does not contain actual questions and answers from Amazon's Certification Exam.