ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Professional SAP-C02 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Professional SAP-C02 exam
Go to Exam

Exam AWS Certified Solutions Architect - Professional SAP-C02 topic 1 question 478 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Professional SAP-C02
Question #: 478
Topic #: 1
[All AWS Certified Solutions Architect - Professional SAP-C02 Questions]

A company is deploying a new application on AWS. The application consists of an Amazon Elastic Kubernetes Service (Amazon EKS) cluster and an Amazon Elastic Container Registry (Amazon ECR) repository. The EKS cluster has an AWS managed node group.

The company's security guidelines state that all resources on AWS must be continuously scanned for security vulnerabilities.

Which solution will meet this requirement with the LEAST operational overhead?

  • A. Activate AWS Security Hub. Configure Security Hub to scan the EKS nodes and the ECR repository.
  • B. Activate Amazon Inspector to scan the EKS nodes and the ECR repository.
  • C. Launch a new Amazon EC2 instance and install a vulnerability scanning tool from AWS Marketplace. Configure the EC2 instance to scan the EKS nodes. Configure Amazon ECR to perform a basic scan on push.
  • D. Install the Amazon CloudWatch agent on the EKS nodes. Configure the CloudWatch agent to scan continuously. Configure Amazon ECR to perform a basic scan on push.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by devnv at April 13, 2024, 12:38 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
AzureDP900
7 months, 2 weeks ago
B is most appropriate and no additional overhead.
upvoted 1 times
...
9f02c8d
1 year ago
A is the correct answer, not B is focused primarily on scanning Amazon EC2 instances for vulnerabilities and does not natively support scanning Amazon EKS nodes or Amazon ECR repositories
upvoted 1 times
...
iulian0585
1 year ago
Selected Answer: B
A. Activate AWS Security Hub: While AWS Security Hub aggregates security findings from various AWS services, it is not primarily designed for continuous scanning of EKS nodes or ECR repositories. Security Hub is more suited for compliance checks and aggregation of security alerts from multiple sources.
upvoted 3 times
...
blackname
1 year, 1 month ago
Selected Answer: B
A -> False. Security Hub is just a Finding aggregator of other services like AWS config, Inspector, Macie, ..., even security hub controls are in the end config rules. B -> True. Inspector scans EC2, ECR, lambda functions (either layer analysis, either deep scan of the code), ... C -> False. Has a lot of effort. Plus "perform a basic scan on push" is a deprecated thing, inspector should be used. D -> False. CW Agent does not report vulns. Inspector uses SSM Agent to perform vulnerability scans. Plus "perform a basic scan on push" is a deprecated thing, inspector should be used.
upvoted 4 times
...
Fu7ed
1 year, 2 months ago
Selected Answer: B
Configuration and vulnerability analysis in Amazon EKS - You can use Amazon Inspector to check for unintended network accessibility of your nodes and for vulnerabilities on those Amazon EC2 instances. https://docs.aws.amazon.com/eks/latest/userguide/configuration-vulnerability-analysis.html Amazon Inspector automatically discovers and scans running Amazon EC2 instances, container images in Amazon Elastic Container Registry (Amazon ECR), and AWS Lambda functions for known software vulnerabilities and unintended network exposure. https://docs.aws.amazon.com/inspector/latest/user/what-is-inspector.html So, answer is B.
upvoted 2 times
...
4555894
1 year, 2 months ago
Selected Answer: B
EKS nodes == EC2 , ECR repository = AWS Inspector
upvoted 1 times
...
tushar321
1 year, 2 months ago
B. Inspector
upvoted 2 times
...
AwsZora
1 year, 2 months ago
Selected Answer: A
Inspector not suppot for eks
upvoted 1 times
...
teo2157
1 year, 2 months ago
Selected Answer: B
Security hub integrates many Security features but the scaning itself is done by Amazon Inspector so going for B.
upvoted 4 times
...
Zas1
1 year, 2 months ago
Selected Answer: B
You can use Amazon Inspector to check for unintended network accessibility of your nodes and for vulnerabilities on those Amazon EC2 instances. https://docs.aws.amazon.com/eks/latest/userguide/configuration-vulnerability-analysis.html
upvoted 4 times
...
Russs99
1 year, 2 months ago
Selected Answer: A
A is the correct answer for the given scenario
upvoted 1 times
...
devnv
1 year, 2 months ago
A is correct
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel