Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 256 discussion

A security engineer is designing security controls for a fleet of Amazon EC2 instances that run sensitive workloads in a VPC. The security engineer needs to implement a solution to detect and mitigate software vulnerabilities on the EC2 instances.

Which solution will meet this requirement?

  • A. Scan the EC2 instances by using Amazon Inspector. Apply security patches and updates by using AWS Systems Manager Patch Manager.
  • B. Install host-based firewall and antivirus software on each EC2 instance. Use AWS Systems Manager Run Command to update the firewall and antivirus software.
  • C. Install the Amazon CloudWatch agent on the EC2 instances. Enable detailed logging. Use Amazon EventBridge to review the software logs for anomalies.
  • D. Scan the EC2 instances by using Amazon GuardDuty Malware Protection. Apply security patches and updates by using AWS Systems Manager Patch Manager.
Suggested Answer: A

Comments

IPLogic
4 months, 3 weeks ago
Selected Answer: A
The best solution to detect and mitigate software vulnerabilities on the EC2 instances is: A. Scan the EC2 instances by using Amazon Inspector. Apply security patches and updates by using AWS Systems Manager Patch Manager.

Amazon Inspector: It provides automated vulnerability management for your EC2 instances. It continuously scans for vulnerabilities and deviations from best practices, giving you detailed findings and recommendations.

AWS Systems Manager Patch Manager: This tool automates the process of applying security patches and updates, ensuring your instances are always up-to-date with the latest security patches.

This combination offers a comprehensive approach to both detecting and mitigating vulnerabilities with minimal manual intervention, ensuring continuous compliance and security.
upvoted 1 times
IPLogic
4 months, 3 weeks ago
Option B: While installing host-based firewalls and antivirus software is good practice, it doesn't provide the same level of automated vulnerability detection and mitigation as Amazon Inspector combined with Patch Manager.

Option C: This involves a more manual process of reviewing logs for anomalies, which is less efficient and scalable compared to automated solutions.

Option D: GuardDuty focuses on threat detection rather than vulnerability management. While it's useful, it doesn't directly address the need for patch management.
upvoted 1 times
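
The detect-then-mitigate pairing in option A, as an added example that is not part of the original comments or any AWS sample: it filters Amazon Inspector findings down to EC2 instances with active, fixable package vulnerabilities and builds the arguments for a Patch Manager run (`AWS-RunPatchBaseline` through boto3 `ssm.send_command`). The findings, instance IDs and CVE placeholders are constructed, the helper names are hypothetical, and nothing is sent to AWS.

```python
# Added example. Findings are constructed and use Amazon Inspector (inspector2)
# field names; instance IDs and CVE IDs are placeholders.
SEVERITY_RANK = {"INFORMATIONAL": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

def _finding(ftype, status, severity, fix, instance_id, vuln_id):
    """Build one constructed finding record."""
    return {"type": ftype, "status": status, "severity": severity,
            "fixAvailable": fix,
            "resources": [{"type": "AWS_EC2_INSTANCE", "id": instance_id}],
            "packageVulnerabilityDetails": {"vulnerabilityId": vuln_id}}

PKG, NET = "PACKAGE_VULNERABILITY", "NETWORK_REACHABILITY"
SAMPLE_FINDINGS = [
    _finding(PKG, "ACTIVE", "CRITICAL", "YES", "i-0aaaaaaaaaaaaaaa1", "CVE-0000-0001"),
    _finding(PKG, "ACTIVE", "MEDIUM", "YES", "i-0aaaaaaaaaaaaaaa1", "CVE-0000-0002"),
    _finding(PKG, "ACTIVE", "HIGH", "NO", "i-0bbbbbbbbbbbbbbb2", "CVE-0000-0003"),
    _finding(PKG, "SUPPRESSED", "HIGH", "YES", "i-0ccccccccccccccc3", "CVE-0000-0004"),
    _finding(NET, "ACTIVE", "HIGH", "NO", "i-0bbbbbbbbbbbbbbb2", "n/a"),
    _finding(PKG, "ACTIVE", "HIGH", "PARTIAL", "i-0ddddddddddddddd4", "CVE-0000-0006"),
]

def instances_to_patch(findings, min_severity="HIGH"):
    """Map instance ID -> sorted vulnerability IDs that patching can address."""
    floor = SEVERITY_RANK[min_severity]
    selected = {}
    for f in findings:
        # Only software (package) findings are fixed by patching.
        if f.get("type") != PKG or f.get("status") != "ACTIVE":
            continue
        # No vendor fix yet: a patch run will not close this finding.
        if f.get("fixAvailable") == "NO":
            continue
        if SEVERITY_RANK.get(f.get("severity"), -1) < floor:
            continue
        vuln = f.get("packageVulnerabilityDetails", {}).get("vulnerabilityId", "unknown")
        for res in f.get("resources", []):
            if res.get("type") == "AWS_EC2_INSTANCE":
                selected.setdefault(res["id"], set()).add(vuln)
    return {iid: sorted(v) for iid, v in sorted(selected.items())}

def patch_request(instance_ids, operation="Install"):
    """Keyword arguments for boto3 ssm.send_command; returns None if no targets."""
    if not instance_ids:
        return None
    return {"DocumentName": "AWS-RunPatchBaseline",
            "Targets": [{"Key": "InstanceIds", "Values": sorted(instance_ids)}],
            "Parameters": {"Operation": [operation], "RebootOption": ["NoReboot"]}}

if __name__ == "__main__":
    print(patch_request(instances_to_patch(SAMPLE_FINDINGS)))
```

Findings excluded because no fix is available still need a compensating control until a patch ships.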
Community vote distribution: A (35%), C (25%), B (20%), Other