Exam AWS Certified DevOps Engineer - Professional DOP-C02 topic 1 question 164 discussion

A company runs a workload on Amazon EC2 instances. The company needs a control that requires the use of Instance Metadata Service Version 2 (IMDSv2) on all EC2 instances in the AWS account. If an EC2 instance does not prevent the use of Instance Metadata Service Version 1 (IMDSv1), the EC2 instance must be terminated.

Which solution will meet these requirements?

  • A. Set up AWS Config in the account. Use a managed rule to check EC2 instances. Configure the rule to remediate the findings by using AWS Systems Manager Automation to terminate the instance.
  • B. Create a permissions boundary that prevents the ec2:RunInstance action if the ec2:MetadataHttpTokens condition key is not set to a value of required. Attach the permissions boundary to the IAM role that was used to launch the instance.
  • C. Set up Amazon Inspector in the account. Configure Amazon Inspector to activate deep inspection for EC2 instances. Create an Amazon EventBridge rule for an Inspector2 finding. Set an AWS Lambda function as the target to terminate the instance.
  • D. Create an Amazon EventBridge rule for the EC2 instance launch successful event. Send the event to an AWS Lambda function to inspect the EC2 metadata and to terminate the instance.
Suggested Answer: D
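The option-D design, as an added worked example that is not code from the original page or from AWS: a Lambda function that an EventBridge rule invokes on the instance's "running" state-change event, reads the instance's MetadataOptions with ec2:DescribeInstances, and terminates it unless HttpTokens is `required`. The state-change notification is used because that is what EC2 itself emits; the "EC2 Instance Launch Successful" event named in option D is emitted by EC2 Auto Scaling only for instances it launches. The execution-role permissions, the instance IDs, the sample event and the FakeEC2 stand-in are constructed for offline use.

```python
"""Lambda target for an EventBridge rule: terminate EC2 instances that
still accept IMDSv1 (HttpTokens != "required").

Example code added to this discussion; not from the original page and
not AWS code. Assumes the function's execution role is allowed
ec2:DescribeInstances and ec2:TerminateInstances.
"""
from __future__ import annotations

from typing import Any, Mapping

# Constructed EventBridge event pattern for the rule that invokes this
# function. "running" is used rather than "pending" because the instance's
# MetadataOptions are settled once it is running.
EVENT_PATTERN = {
    "source": ["aws.ec2"],
    "detail-type": ["EC2 Instance State-change Notification"],
    "detail": {"state": ["running"]},
}


def imdsv1_blocked(metadata_options: Mapping[str, Any]) -> bool:
    """True when the instance cannot answer IMDSv1 (token-less) requests.

    `metadata_options` is the MetadataOptions dict from ec2:DescribeInstances.
    A disabled endpoint also blocks IMDSv1; counting it as compliant is a
    design choice of this example, whereas the managed Config rule
    ec2-imdsv2-check keys only on HttpTokens being "optional".
    """
    if metadata_options.get("HttpEndpoint") == "disabled":
        return True
    return metadata_options.get("HttpTokens") == "required"


def decide(instance: Mapping[str, Any]) -> str:
    """Map one DescribeInstances instance record to an action."""
    state = instance.get("State", {}).get("Name")
    if state in ("shutting-down", "terminated"):
        return "skip"  # already on its way out; nothing to do
    if imdsv1_blocked(instance.get("MetadataOptions", {})):
        return "keep"
    return "terminate"


def handler(event: Mapping[str, Any], context: Any = None, ec2: Any = None) -> dict[str, Any]:
    """EventBridge -> Lambda entry point.

    `ec2` is injectable for offline testing; in Lambda it defaults to a real
    boto3 client (imported lazily so this module also loads without boto3).
    """
    if ec2 is None:
        import boto3  # present in the Lambda runtime
        ec2 = boto3.client("ec2")

    instance_id = event["detail"]["instance-id"]
    reservations = ec2.describe_instances(InstanceIds=[instance_id])["Reservations"]
    instances = [i for r in reservations for i in r["Instances"]]
    if not instances:
        # Race: the instance disappeared between the event and the lookup.
        return {"instanceId": instance_id, "action": "skip"}

    action = decide(instances[0])
    if action == "terminate":
        ec2.terminate_instances(InstanceIds=[instance_id])
    return {"instanceId": instance_id, "action": action}


class FakeEC2:
    """Constructed stand-in for the boto3 EC2 client, for offline runs."""

    def __init__(self, instance_id: str, metadata_options: Mapping[str, Any], state: str = "running"):
        self._record = {"InstanceId": instance_id, "State": {"Name": state},
                        "MetadataOptions": dict(metadata_options)}
        self.terminated: list[str] = []

    def describe_instances(self, InstanceIds):  # boto3 keyword naming
        if InstanceIds == [self._record["InstanceId"]]:
            return {"Reservations": [{"Instances": [self._record]}]}
        return {"Reservations": []}

    def terminate_instances(self, InstanceIds):
        self.terminated.extend(InstanceIds)
        return {"TerminatingInstances": [{"InstanceId": i} for i in InstanceIds]}


def sample_event(instance_id: str) -> dict[str, Any]:
    """Constructed EC2 state-change event in the shape EventBridge delivers."""
    return {"source": "aws.ec2", "detail-type": "EC2 Instance State-change Notification",
            "detail": {"instance-id": instance_id, "state": "running"}}


if __name__ == "__main__":
    weak = FakeEC2("i-0123456789abcdef0", {"HttpEndpoint": "enabled", "HttpTokens": "optional"})
    print(handler(sample_event("i-0123456789abcdef0"), ec2=weak), weak.terminated)
    strict = FakeEC2("i-0fedcba9876543210", {"HttpEndpoint": "enabled", "HttpTokens": "required"})
    print(handler(sample_event("i-0fedcba9876543210"), ec2=strict), strict.terminated)
```

Whichever mechanism triggers the check, the attribute being judged is the same `HttpTokens` field that the managed Config rule inspects; the function above only decides what to do when an instance is already running with it set to `optional`.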

Comments

csG13
Highly Voted 4 months ago
Selected Answer: A
AWS Config can do this using the managed ec2-imdsv2-check rule. Here is a reference: https://docs.aws.amazon.com/config/latest/developerguide/ec2-imdsv2-check.html
upvoted 6 times
c3518fc
Most Recent 1 week, 2 days ago
Selected Answer: A
AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. It provides managed rules that you can use to evaluate the configuration settings of your resources against desired configurations. In this case, you can use the AWS Config managed rule "ec2-imdsv2-check" to evaluate whether your EC2 instances are using the Instance Metadata Service Version 2 (IMDSv2) or not. This rule checks if the EC2 instances have the HTTP token request enabled for the Instance Metadata Service (IMDS), which is a requirement for using IMDSv2. If an EC2 instance is found to be non-compliant with the rule (i.e., not using IMDSv2), AWS Config can be configured to automatically remediate the non-compliant resource. You can set up AWS Systems Manager Automation to terminate the non-compliant EC2 instance as the remediation action.
upvoted 1 times
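The Config-based approach the comments above describe, as an added example that is not the page's or AWS's code: boto3 calls that create the managed ec2-imdsv2-check rule (managed rule identifier EC2_IMDSV2_CHECK) and attach an automatic remediation that runs the AWS-owned SSM Automation document AWS-TerminateEC2Instance with the non-compliant resource's ID. The rule name, the role ARN and the FakeConfig stand-in are assumptions. A configuration recorder must already be on in the account, and the automation role must be assumable by ssm.amazonaws.com and allowed ec2:TerminateInstances.

```python
"""Enforce IMDSv2 with AWS Config: managed rule ec2-imdsv2-check plus an
automatic SSM Automation remediation that terminates non-compliant instances.

Example code added to this discussion; not from the original page and not
AWS code. Assumes a configuration recorder is already on in the account.
"""
from __future__ import annotations

from typing import Any

RULE_NAME = "require-imdsv2"                # assumed name for this example
MANAGED_RULE_ID = "EC2_IMDSV2_CHECK"        # identifier of ec2-imdsv2-check
TERMINATE_DOC = "AWS-TerminateEC2Instance"  # AWS-owned Automation document


def config_rule_request() -> dict[str, Any]:
    """Request body for config:PutConfigRule. The managed rule marks an
    AWS::EC2::Instance NON_COMPLIANT when its HttpTokens is "optional"."""
    return {
        "ConfigRule": {
            "ConfigRuleName": RULE_NAME,
            "Scope": {"ComplianceResourceTypes": ["AWS::EC2::Instance"]},
            "Source": {"Owner": "AWS", "SourceIdentifier": MANAGED_RULE_ID},
        }
    }


def remediation_request(automation_role_arn: str) -> dict[str, Any]:
    """Request body for config:PutRemediationConfigurations.

    RESOURCE_ID makes Config pass the non-compliant instance's ID into the
    document's InstanceId parameter; Automatic=True is what turns a finding
    into a termination without anyone clicking "Remediate".
    """
    return {
        "RemediationConfigurations": [
            {
                "ConfigRuleName": RULE_NAME,
                "TargetType": "SSM_DOCUMENT",
                "TargetId": TERMINATE_DOC,
                "Parameters": {
                    "InstanceId": {"ResourceValue": {"Value": "RESOURCE_ID"}},
                    "AutomationAssumeRole": {
                        "StaticValue": {"Values": [automation_role_arn]}
                    },
                },
                "Automatic": True,
                "MaximumAutomaticAttempts": 1,  # a second termination is pointless
                "RetryAttemptSeconds": 60,
            }
        ]
    }


def deploy(automation_role_arn: str, config_client: Any = None) -> dict[str, str]:
    """Create the rule and attach the remediation; returns what was created.

    `config_client` is injectable for offline runs; in AWS it defaults to a
    real boto3 client (imported lazily so this module loads without boto3).
    """
    if config_client is None:
        import boto3
        config_client = boto3.client("config")
    config_client.put_config_rule(**config_rule_request())
    config_client.put_remediation_configurations(**remediation_request(automation_role_arn))
    return {"rule": RULE_NAME, "remediation": TERMINATE_DOC}


class FakeConfig:
    """Constructed stand-in for the boto3 Config client; records the calls."""

    def __init__(self) -> None:
        self.calls: list[tuple[str, dict[str, Any]]] = []

    def put_config_rule(self, **kwargs: Any) -> dict[str, Any]:
        self.calls.append(("put_config_rule", kwargs))
        return {}

    def put_remediation_configurations(self, **kwargs: Any) -> dict[str, Any]:
        self.calls.append(("put_remediation_configurations", kwargs))
        return {"FailedBatches": []}


if __name__ == "__main__":
    fake = FakeConfig()  # pass None instead to run against a real account
    print(deploy("arn:aws:iam::123456789012:role/ConfigRemediationRole", fake))
    for name, body in fake.calls:
        print(name, body)
```

Because the remediation fires on every NON_COMPLIANT evaluation, it also catches instances whose metadata options are modified after launch with ec2:ModifyInstanceMetadataOptions, which a launch-time event handler would miss.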
DanShone
1 month, 2 weeks ago
Selected Answer: A
A - AWS Config
upvoted 1 times
DanShone
1 month, 2 weeks ago
A - AWS Config
upvoted 1 times
thanhnv142
2 months, 3 weeks ago
Selected Answer: A
A is correct: use Config to monitor and SSM Automation to terminate instances.
B: a permissions boundary cannot spot the need-to-terminate instances.
C: Inspector is for vulnerability scanning.
D: the EC2 instance launch successful event won't provide sufficient information.
upvoted 2 times
kabary
4 months ago
Selected Answer: A
Answer A
upvoted 1 times
d262e67
4 months ago
Selected Answer: A
Only viable option
upvoted 1 times
Community vote distribution: A (35%), C (25%), B (20%), other