ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Professional All Questions

View all questions & answers for the AWS Certified Solutions Architect - Professional exam
Go to Exam

Exam AWS Certified Solutions Architect - Professional topic 1 question 656 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Professional
Question #: 656
Topic #: 1
[All AWS Certified Solutions Architect - Professional Questions]

A company is using an existing orchestration tool to manage thousands of Amazon EC2 instances. A recent penetration test found a vulnerability in the company's software stack. This vulnerability has prompted the company to perform a full evaluation of its current production environment. The analysis determined that the following vulnerabilities exist within the environment:
✑ Operating systems with outdated libraries and known vulnerabilities are being used in production.
✑ Relational databases hosted and managed by the company are running unsupported versions with known vulnerabilities.
✑ Data stored in databases is not encrypted.
The solutions architect intends to use AWS Config to continuously audit and assess the compliance of the company's AWS resource configurations with the company's policies and guidelines.
What additional steps will enable the company to secure its environments and track resources while adhering to best practices?

  • A. Use AWS Application Discovery Service to evaluate all running EC2 instances Use the AWS CLI to modify each instance, and use EC2 user data to install the AWS Systems Manager Agent during boot. Schedule patching to run as a Systems Manager Maintenance Windows task. Migrate all relational databases to Amazon RDS and enable AWS KMS encryption.
  • B. Create an AWS CloudFormation template for the EC2 instances. Use EC2 user data in the CloudFormation template to install the AWS Systems Manager Agent, and enable AWS KMS encryption on all Amazon EBS volumes. Have CloudFormation replace all running instances. Use Systems Manager Patch Manager to establish a patch baseline and deploy a Systems Manager Maintenance Windows task to execute AWS-RunPatchBaseline using the patch baseline.
  • C. Install the AWS Systems Manager Agent on all existing instances using the company's current orchestration tool. Use the Systems Manager Run Command to execute a list of commands to upgrade software on each instance using operating system-specific tools. Enable AWS KMS encryption on all Amazon EBS volumes.
  • D. Install the AWS Systems Manager Agent on all existing instances using the company's current orchestration tool. Migrate all relational databases to Amazon RDS and enable AWS KMS encryption. Use Systems Manager Patch Manager to establish a patch baseline and deploy a Systems Manager Maintenance Windows task to execute AWS-RunPatchBaseline using the patch baseline.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by liono at Nov. 5, 2020, 1:49 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
liono
Highly Voted 3 years, 7 months ago
D looks correct
upvoted 16 times
...
Ebi
Highly Voted 3 years, 6 months ago
D for sure
upvoted 10 times
...
AzureDP900
Most Recent 3 years, 4 months ago
D is correct answer !
upvoted 1 times
...
Kopa
3 years, 6 months ago
D correct
upvoted 1 times
...
tgv
3 years, 6 months ago
DDD ---
upvoted 1 times
...
Suresh108
3 years, 6 months ago
B, C -eliminated, no mention of RDS A - AWS Application Discovery Service involved with on premise migration , elimiate it. choosing DDDDDD
upvoted 4 times
...
WhyIronMan
3 years, 6 months ago
I'll go with D
upvoted 1 times
...
Waiweng
3 years, 6 months ago
it;s D
upvoted 6 times
...
Kian1
3 years, 6 months ago
going with D
upvoted 5 times
...
Bulti
3 years, 6 months ago
D is correct. You do not want to go with B because it's a lot of work to replace the current orchestration toll with cloud formation templates
upvoted 4 times
...
T14102020
3 years, 7 months ago
D is correct
upvoted 2 times
...
jackdryan
3 years, 7 months ago
I'll go with D
upvoted 3 times
...
liono
3 years, 7 months ago
You need to encrypt DB during creation.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago