For compliance reasons, a Security Engineer must produce a weekly report that lists any instance that does not have the latest approved patches applied. The Engineer must also ensure that no system goes more than 30 days without the latest approved updates being applied. What would be the MOST efficient way to achieve these goals?
A) Use Amazon Inspector to determine which systems do not have the latest patches applied, and after 30 days, redeploy those instances with the latest AMI version.
B) Configure Amazon EC2 Systems Manager to report on instance patch compliance, and enforce updates during the defined maintenance windows.
C) Examine AWS CloudTrail logs to determine whether any instances have not restarted in the last 30 days, and redeploy those instances.
D) Update the AMIs with the latest approved patches, and redeploy each instance during the defined maintenance window.
Correct Answer:
Verified
Q80: An AWS Lambda function was misused to
Q81: A company is developing a highly resilient
Q82: A recent security audit found that AWS
Q83: A company is operating an open-source software
Q84: A company is migrating its legacy workloads
Q86: A company has an encrypted Amazon S3
Q87: An Application team has requested a new
Q88: A Security Administrator is restricting the capabilities
Q89: A company's Developers plan to migrate their
Q90: A Security Engineer manages AWS Organizations for
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents