exam questions

Exam AWS Certified Security - Specialty SCS-C02 All Questions

View all questions & answers for the AWS Certified Security - Specialty SCS-C02 exam

Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 158 discussion

A company has AWS accounts in an organization in AWS Organizations. The company needs to install a corporate software package on all Amazon EC2 instances for all the accounts in the organization.

A central account provides base AMIs for the EC2 instances. The company uses AWS Systems Manager for software inventory and patching operations.

A security engineer must implement a solution that detects EC2 instances that do not have the required software. The solution also must automatically install the software if the software is not present.

Which solution will meet these requirements?

  • A. Provide new AMIs that have the required software pre-installed. Apply a tag to the AMIs to indicate that the AMIs have the required software. Configure an SCP that allows new EC2 instances to be launched only if the instances have the tagged AMIs. Tag all existing EC2 instances.
  • B. Configure a custom patch baseline in Systems Manager Patch Manager. Add the package name for the required software to the approved packages list. Associate the new patch baseline with all EC2 instances. Set up a maintenance window for software deployment.
  • C. Centrally enable AWS Config. Set up the ec2-managedinstance-applications-required AWS Config rule for all accounts. Create an Amazon EventBridge rule that reacts to AWS Config events. Configure the EventBridge rule to invoke an AWS Lambda function that uses Systems Manager Run Command to install the required software.
  • D. Create a new Systems Manager Distributor package for the required software. Specify the download location. Select all EC2 instances in the different accounts. Install the software by using Systems Manager Run Command.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
navid1365
4 months ago
Selected Answer: C
C: This solution uses AWS Config to monitor the compliance of EC2 instances with the required software. AWS Config can detect instances that do not have the software installed and trigger an automated remediation process using AWS Lambda and Systems Manager Run Command.
upvoted 3 times
...
kupo777
4 months, 3 weeks ago
C is correct. Option A is a method of restricting activation by tag without detection. Option B is Software cannot be installed. Option D is to install the software without detection.
upvoted 3 times
...
aescudero51
5 months, 4 weeks ago
Selected Answer: C
My answer is C. Detecting Missing Software: AWS Config with the ec2-managedinstance-applications-required rule continuously monitors EC2 instances and identifies ones without the required software. Automated Installation: The EventBridge rule automatically triggers upon a Config non-compliance event. Centralized Management: The solution operates centrally from the organization's master account, ensuring consistent enforcement across all member accounts. Flexibility: This approach allows for future software updates by simply modifying the Lambda function logic or the package definition in Systems Manager Distributor.
upvoted 3 times
...
Mandar
6 months ago
D is correct: https://docs.aws.amazon.com/systems-manager/latest/userguide/distributor.html
upvoted 1 times
...
aescudero51
6 months, 1 week ago
Selected Answer: C
C is correct https://aws.amazon.com/blogs/mt/deploying-packages-sequentially-aws-systems-manager/
upvoted 4 times
...
Shreyas
6 months, 1 week ago
Selected Answer: B
Ans - B
upvoted 1 times
...
Viseks
6 months, 2 weeks ago
Ans - B
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...