A Security Engineer has several thousand Amazon EC2 instances split across production and development environments. Each instance is tagged with its environment. The Engineer needs to analyze and patch all the development EC2 instances to ensure they are not currently exposed to any common vulnerabilities or exposures (CVEs).
Which combination of steps is the MOST efficient way for the Engineer to meet these requirements? (Choose two.)

A. Log on to each EC2 instance, check and export the different software versions installed, and verify this against a list of current CVEs.

B. Install the Amazon Inspector agent on all development instances. Build a custom rule package, and configure Inspector to perform a scan using this custom rule on all instances tagged as being in the development environment.

C. Install the Amazon Inspector agent on all development instances. Configure Inspector to perform a scan using this CVE rule package on all instances tagged as being in the development environment.

D. Install the Amazon EC2 System Manager agent on all development instances. Issue the Run command to EC2 System Manager to update all instances.

E. Use AWS Trusted Advisor to check that all EC2 instances have been patched to the most recent version of operating system and installed software.






 

Suggested Answer: CD

Community Answer: CD




This question is in SCS-C01 AWS Certified Security – Specialty Exam
For getting AWS Certified Security – Specialty Certificate


Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by Amazon.
Trademarks, certification & product names are used for reference only and belong to Amazon.
The website does not contain actual questions and answers from Amazon's Certification Exam.