Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Amazon Exam SCS-C02 Topic 2 Question 32 Discussion

Actual exam question for Amazon's SCS-C02 exam
Question #: 32
Topic #: 2
[All SCS-C02 Questions]

A company has AWS accounts in an organization in AWS Organizations. The company needs to install a corporate software package on all Amazon EC2 instances for all the accounts in the organization.

A central account provides base AMIs for the EC2 instances. The company uses AWS Systems Manager for software inventory and patching operations.

A security engineer must implement a solution that detects EC2 instances ttjat do not have the required software. The solution also must automatically install the software if the software is not present.

Which solution will meet these requirements?

Show Suggested Answer Hide Answer
Suggested Answer: C

Utilizing AWS Config with a custom AWS Config rule (ec2-managedinstance-applications-required) enables detection of EC2 instances lacking the required software across all accounts in an organization. By creating an Amazon EventBridge rule that triggers on AWS Config events, and configuring it to invoke an AWS Lambda function, automated actions can be taken to ensure compliance. The Lambda function can leverage AWS Systems Manager Run Command to install the necessary software on non-compliant instances. This approach ensures continuous compliance and automated remediation, aligning with best practices for cloud security and management.


Contribute your Thoughts:

Vincent
2 months ago
I'm not sure about option C. I think option A could also work by providing new AMIs with the software pre-installed and tagging them for easy identification.
upvoted 0 times
...
Geraldine
2 months ago
I agree with Micaela. Using AWS Config with EventBridge and Lambda function to install the software centrally is efficient and effective.
upvoted 0 times
...
Ira
2 months ago
Wow, these options are all quite technical. I'd need a Ph.D. in AWS to understand them properly. Maybe I should just ask Alexa for help.
upvoted 0 times
...
Vince
2 months ago
Option D is the way to go! Simplicity is key, and using Systems Manager Distributor to install the software makes it a breeze.
upvoted 0 times
Major
1 months ago
Yes, Option D seems like the most practical choice. Systems Manager Distributor will simplify the software installation across all EC2 instances.
upvoted 0 times
...
Art
1 months ago
I think Option D is the most straightforward solution. Systems Manager Distributor will make the software installation process smooth.
upvoted 0 times
...
Stefany
1 months ago
I agree, Option D is simple and efficient. It's the way to go for sure.
upvoted 0 times
...
Yun
2 months ago
Yes, Option D is the most straightforward way to ensure all EC2 instances have the required software installed.
upvoted 0 times
...
Jennifer
2 months ago
Option D is definitely the best choice. Using Systems Manager Distributor makes the software installation process easy.
upvoted 0 times
...
Miesha
2 months ago
I agree, using Systems Manager Distributor is a simple and efficient solution for this scenario.
upvoted 0 times
...
Elliot
2 months ago
Option D is definitely the best choice. Systems Manager Distributor makes it easy to install the software on all EC2 instances.
upvoted 0 times
...
...
Yasuko
3 months ago
I wonder if the software package comes with a '90s-style screensaver. That would really seal the deal for me.
upvoted 0 times
...
Macy
3 months ago
Option C seems like the most comprehensive solution. Leveraging AWS Config, EventBridge, and Lambda to automate the process is a clever approach.
upvoted 0 times
Julieta
1 months ago
Definitely, having that level of automation can save a lot of time and ensure consistency across all accounts.
upvoted 0 times
...
Twanna
1 months ago
It's important to have a solution that can automatically detect and install the required software on all EC2 instances.
upvoted 0 times
...
Kerry
1 months ago
I agree, using AWS Config, EventBridge, and Lambda together can definitely automate the process effectively.
upvoted 0 times
...
Malcolm
2 months ago
Option C seems like the most comprehensive solution.
upvoted 0 times
...
...
Micaela
3 months ago
I think option C is the best solution. Enabling AWS Config and setting up the required rule seems like a good way to detect and install the software.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77