Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu

Unlimited Access

Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.
Amazon Discussions

Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 158 discussion

Exam question from Amazon's AWS Certified Security - Specialty SCS-C02
Question #: 158
Topic #: 1
[All AWS Certified Security - Specialty SCS-C02 Questions]

A company has AWS accounts in an organization in AWS Organizations. The company needs to install a corporate software package on all Amazon EC2 instances for all the accounts in the organization.

A central account provides base AMIs for the EC2 instances. The company uses AWS Systems Manager for software inventory and patching operations.

A security engineer must implement a solution that detects EC2 instances that do not have the required software. The solution also must automatically install the software if the software is not present.

Which solution will meet these requirements?

  • A. Provide new AMIs that have the required software pre-installed. Apply a tag to the AMIs to indicate that the AMIs have the required software. Configure an SCP that allows new EC2 instances to be launched only if the instances have the tagged AMIs. Tag all existing EC2 instances.
  • B. Configure a custom patch baseline in Systems Manager Patch Manager. Add the package name for the required software to the approved packages list. Associate the new patch baseline with all EC2 instances. Set up a maintenance window for software deployment.
  • C. Centrally enable AWS Config. Set up the ec2-managedinstance-applications-required AWS Config rule for all accounts. Create an Amazon EventBridge rule that reacts to AWS Config events. Configure the EventBridge rule to invoke an AWS Lambda function that uses Systems Manager Run Command to install the required software.
  • D. Create a new Systems Manager Distributor package for the required software. Specify the download location. Select all EC2 instances in the different accounts. Install the software by using Systems Manager Run Command.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by Viseks at May 24, 2024, 8:10 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
navid1365
1 month ago
Selected Answer: C
C: This solution uses AWS Config to monitor the compliance of EC2 instances with the required software. AWS Config can detect instances that do not have the software installed and trigger an automated remediation process using AWS Lambda and Systems Manager Run Command.
upvoted 2 times
...
kupo777
1 month, 3 weeks ago
C is correct. Option A is a method of restricting activation by tag without detection. Option B is Software cannot be installed. Option D is to install the software without detection.
upvoted 2 times
...
aescudero51
3 months ago
Selected Answer: C
My answer is C. Detecting Missing Software: AWS Config with the ec2-managedinstance-applications-required rule continuously monitors EC2 instances and identifies ones without the required software. Automated Installation: The EventBridge rule automatically triggers upon a Config non-compliance event. Centralized Management: The solution operates centrally from the organization's master account, ensuring consistent enforcement across all member accounts. Flexibility: This approach allows for future software updates by simply modifying the Lambda function logic or the package definition in Systems Manager Distributor.
upvoted 3 times
...
Mandar
3 months, 1 week ago
D is correct: https://docs.aws.amazon.com/systems-manager/latest/userguide/distributor.html
upvoted 1 times
...
aescudero51
3 months, 1 week ago
Selected Answer: C
C is correct https://aws.amazon.com/blogs/mt/deploying-packages-sequentially-aws-systems-manager/
upvoted 4 times
...
Shreyas
3 months, 1 week ago
Selected Answer: B
Ans - B
upvoted 1 times
...
Viseks
3 months, 2 weeks ago
Ans - B
upvoted 2 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel