Exam AWS Certified DevOps Engineer - Professional DOP-C02 topic 1 question 53 discussion

A company is performing vulnerability scanning for all Amazon EC2 instances across many accounts. The accounts are in an organization in AWS Organizations. Each account's VPCs are attached to a shared transit gateway. The VPCs send traffic to the internet through a central egress VPC. The company has enabled Amazon Inspector in a delegated administrator account and has enabled scanning for all member accounts.
A DevOps engineer discovers that some EC2 instances are listed in the "not scanning" tab in Amazon Inspector.
Which combination of actions should the DevOps engineer take to resolve this issue? (Choose three.)

  • A. Verify that AWS Systems Manager Agent is installed and is running on the EC2 instances that Amazon Inspector is not scanning.
  • B. Associate the target EC2 instances with security groups that allow outbound communication on port 443 to the AWS Systems Manager service endpoint.
  • C. Grant inspector:StartAssessmentRun permissions to the IAM role that the DevOps engineer is using.
  • D. Configure EC2 Instance Connect for the EC2 instances that Amazon Inspector is not scanning.
  • E. Associate the target EC2 instances with instance profiles that grant permissions to communicate with AWS Systems Manager.
  • F. Create a managed-instance activation. Use the Activation Code and the Activation ID to register the EC2 instances.
Suggested Answer: ABE 🗳️
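
Options A, B and E map to three checks that can be run per instance. The sketch below is an added example, not part of the original question or of any comment. It works offline on constructed sample data shaped like the boto3 responses of `ec2.describe_instances`, `ec2.describe_security_groups` and `ssm.describe_instance_information`; the instance IDs, group IDs and the function names `egress_allows_443`, `triage` and `report` are assumptions made for illustration.

```python
# Added example: offline triage of the prerequisites behind options A, B and E.
# All data below is constructed; no AWS calls are made.

def egress_allows_443(perms):
    """True if any egress rule permits TCP 443 (or all protocols)."""
    for p in perms:
        proto = p.get("IpProtocol")
        if proto == "-1":
            return True
        if proto == "tcp" and p.get("FromPort", 0) <= 443 <= p.get("ToPort", 65535):
            return True
    return False

def triage(instance, egress_by_sg, ssm_ping):
    """Return the answer options (E, B, A) whose prerequisite looks unmet."""
    iid = instance["InstanceId"]
    findings = []
    # E: an attached profile is necessary; its policies still need review.
    if "IamInstanceProfile" not in instance:
        findings.append("E: no instance profile attached")
    # B: a security group rule is necessary; routing via the egress VPC
    # must also work, which this check cannot see.
    sgs = [g["GroupId"] for g in instance.get("SecurityGroups", [])]
    if not any(egress_allows_443(egress_by_sg.get(g, [])) for g in sgs):
        findings.append("B: no security group allows outbound 443")
    # A: the agent only shows as Online once it runs and can reach SSM.
    status = ssm_ping.get(iid, "unregistered")
    if status != "Online":
        findings.append("A: SSM Agent not reporting (PingStatus=%s)" % status)
    return findings

PROFILE = {"Arn": "arn:aws:iam::111122223333:instance-profile/example"}
EGRESS = {
    "sg-open": [{"IpProtocol": "-1"}],
    "sg-dbonly": [{"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432}],
}
INSTANCES = [
    {"InstanceId": "i-ok", "IamInstanceProfile": PROFILE, "SecurityGroups": [{"GroupId": "sg-open"}]},
    {"InstanceId": "i-noprofile", "SecurityGroups": [{"GroupId": "sg-open"}]},
    {"InstanceId": "i-blocked", "IamInstanceProfile": PROFILE, "SecurityGroups": [{"GroupId": "sg-dbonly"}]},
    {"InstanceId": "i-agentdown", "IamInstanceProfile": PROFILE, "SecurityGroups": [{"GroupId": "sg-open"}]},
]
PING = {"i-ok": "Online", "i-agentdown": "ConnectionLost"}

def report():
    """Map each sample instance to its list of unmet prerequisites."""
    return {i["InstanceId"]: triage(i, EGRESS, PING) for i in INSTANCES}
```

An instance with only an "A" finding has a profile and an egress rule in place, so the agent itself is the first thing to inspect; an "E" or "B" finding will normally drag an "A" finding along with it.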

Comments

Dimidrol
Highly Voted 1 year, 7 months ago
Selected Answer: ABE
A b e https://docs.aws.amazon.com/inspector/latest/user/scanning-ec2.html
upvoted 7 times
...
dzn
Most Recent 8 months, 2 weeks ago
Selected Answer: ABE
C is not a fundamental solution, because Inspector is actually able to run, and it is not the same IAM role that DevOps uses.
upvoted 3 times
...
thanhnv142
9 months, 1 week ago
ABE are correct: check if the SSM Agent is installed, and check the connection and permissions of the EC2 instance that allow access to SSM.
C: no need to grant inspector:StartAssessmentRun permissions because the dev has already finished the scanning task.
D: There is no EC2 Instance Connect; only the SSM Agent is needed.
F: There is no managed-instance activation.
upvoted 4 times
...
yorkicurke
11 months ago
Selected Answer: ABE
the following link explains it all; https://repost.aws/knowledge-center/systems-manager-ec2-instance-not-appear
upvoted 3 times
...
madperro
1 year, 4 months ago
Selected Answer: ABE
ABE seem to be prerequisites to work with SSM and Inspector.
upvoted 2 times
...
bcx
1 year, 5 months ago
Selected Answer: ABE
A B E is the correct one IMHO
upvoted 2 times
...
ParagSanyashiv
1 year, 6 months ago
Selected Answer: ABE
ABE makes more sense.
upvoted 2 times
...
alce2020
1 year, 6 months ago
A,B,E are correct https://docs.aws.amazon.com/inspector/latest/user/scanning-ec2.html
upvoted 3 times
...
jqso234
1 year, 6 months ago
Selected Answer: ABE
Option C suggests granting inspector:StartAssessmentRun permissions to the IAM role being used by the DevOps engineer. However, this may not be relevant to the issue of instances not being scanned by Amazon Inspector, as the IAM role may already have the necessary permissions by default. Therefore, A, B, E is a better choice in this case as it includes the necessary steps to ensure that the instances can communicate with AWS Systems Manager, which is required for Amazon Inspector to scan the instances.
upvoted 4 times
...