exam questions

Exam AWS Certified Security - Specialty SCS-C02 All Questions

View all questions & answers for the AWS Certified Security - Specialty SCS-C02 exam

Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 144 discussion

An online media company has an application that customers use to watch events around the world. The application is hosted on a fleet of Amazon EC2 instances that run Amazon Linux 2. The company uses AWS Systems Manager to manage the EC2 instances. The company applies patches and application updates by using the AWS-AmazonLinux2DefaultPatchBaseline patching baseline in Systems Manager Patch Manager.

The company is concerned about potential attacks on the application during the week of an upcoming event. The company needs a solution that can immediately deploy patches to all the EC2 instances in response to a security incident or vulnerability. The solution also must provide centralized evidence that the patches were applied successfully.

Which combination of steps will meet these requirements? (Choose two.)

  • A. Create a new patching baseline in Patch Manager. Specify Amazon Linux 2 as the product. Specify Security as the classification. Set the automatic approval for patches to 0 days. Ensure that the new patching baseline is the designated default for Amazon Linux 2.
  • B. Use the Patch Now option with the scan and install operation in the Patch Manager console to apply patches against the baseline to all nodes. Specify an Amazon S3 bucket as the patching log storage option.
  • C. Use the Clone function of Patch Manager to create a copy of the AWS-AmazonLmux2DefaultPatchBaseline built-in baseline. Set the automatic approval for patches to 1 day.
  • D. Create a patch policy that patches all managed nodes and sends a patch operation log output to an Amazon S3 bucket. Use a custom scan schedule to set Patch Manager to check every hour for new patches. Assign the baseline to the patch policy.
  • E. Use Systems Manager Application Manager to inspect the package versions that were installed on the EC2 instances. Additionally use Application Manager to validate that the patches were correctly installed.
Show Suggested Answer Hide Answer
Suggested Answer: AB 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
toshimizu
4 months, 1 week ago
Selected Answer: AD
A,D correct
upvoted 1 times
...
cumzle_com
5 months, 1 week ago
Selected Answer: AB
A: Creating a new patching baseline with the specific settings ensures that security patches are automatically approved without delay (0 days). This immediate approval is crucial during a security incident when rapid patch deployment is necessary. Making this baseline the designated default for Amazon Linux 2 ensures that it is applied consistently across all instances. B: Using the Patch Now option with the scan and install operation ensures that patches are deployed immediately to all EC2 instances. By specifying an Amazon S3 bucket for log storage, the company can centrally store and review logs to provide evidence that the patches were applied successfully. This meets the requirement for centralized evidence of successful patch application.
upvoted 3 times
...
sema2232
5 months, 3 weeks ago
A,D correct
upvoted 1 times
...
sema2232
5 months, 3 weeks ago
why not D
upvoted 2 times
lovekiller
1 month, 3 weeks ago
Application Manager is useful for inspecting and validating package versions, but it does not provide the mechanism for immediate patch deployment. It is more suited for post-deployment validation rather than immediate action.
upvoted 1 times
...
...
5409b91
6 months, 2 weeks ago
Selected Answer: AB
A & B are corrects!
upvoted 1 times
...
Certified101
6 months, 2 weeks ago
Selected Answer: AB
A & B are correct
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago