ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS-SysOps All Questions

View all questions & answers for the AWS-SysOps exam
Go to Exam

Exam AWS-SysOps topic 1 question 791 discussion

Exam question from Amazon's AWS-SysOps
Question #: 791
Topic #: 1
[All AWS-SysOps Questions]

A Security and Compliance team is reviewing Amazon EC2 workloads for unapproved AMI usage.
Which action should a SysOps Administrator recommend?

  • A. Create a custom report using AWS Systems Manager Inventory to identify unapproved AMIs
  • B. Run Amazon Inspector on all EC2 instances and flag instances using unapproved AMIs
  • C. Use an AWS Config rule to identify unapproved AMIs
  • D. Use AWS Trusted Advisor to identify EC2 workloads using unapproved AMIs
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
Reference:
https://aws.amazon.com/blogs/devops/aws-config-checking-for-compliance-with-new-managed-rule-options/
by nicat at May 10, 2020, 3:46 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
nicat
Highly Voted 3 years, 1 month ago
C. Use an AWS Config rule to identify unapproved AMIs
upvoted 11 times
...
jyrajan69
Most Recent 6 months ago
The correct answer is: A. Create a custom report using AWS Systems Manager Inventory to identify unapproved AMIs Explanation: AWS Systems Manager Inventory provides a centralized inventory of resources, including EC2 instances and their associated AMIs. By creating a custom report, the SysOps Administrator can easily identify instances running unapproved AMIs, allowing the Security and Compliance team to take appropriate action. Here's why the other options are not the best choices: B. Amazon Inspector is a security assessment service, not designed for identifying unapproved AMIs. C. AWS Config rules can monitor resource configurations, but aren't ideal for identifying unapproved AMIs in use. D. AWS Trusted Advisor provides best practice recommendations, but doesn't specifically identify unapproved AMIs. By using AWS Systems Manager Inventory, the Administrator can quickly and effectively identify unapproved AMI usage, addressing the Security and Compliance team's concerns.
upvoted 1 times
...
albert_kuo
1 year, 3 months ago
Selected Answer: C
AWS Config is a service that allows you to assess, audit, and evaluate the configurations of your AWS resources. It continuously monitors the configuration changes and compliance of the AWS resources in your account against predefined rules, called AWS Config rules.
upvoted 1 times
...
RicardoD
2 years, 11 months ago
C is the answer
upvoted 1 times
...
Chirantan
2 years, 11 months ago
Answer is C https://aws.amazon.com/blogs/devops/aws-config-checking-for-compliance-with-new-managed-rule-options/ AWS Config rules can now check that running instances are using approved Amazon Machine Images, or AMIs. You can specify a list of approved AMI by ID or provide a tag to specify the list of AMI Ids.
upvoted 3 times
...
jackdryan
3 years ago
I'll go with C
upvoted 2 times
...
MFDOOM
3 years ago
C. Use an AWS Config rule to identify unapproved AMIs
upvoted 1 times
...
gretch
3 years ago
C AWS Config rules can now check that running instances are using approved Amazon Machine Images, or AMIs. You can specify a list of approved AMI by ID or provide a tag to specify the list of AMI Ids.
upvoted 3 times
...
AWS_Noob
3 years ago
C https://aws.amazon.com/blogs/devops/aws-config-checking-for-compliance-with-new-managed-rule-options/
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago