Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 221 discussion

A company is migrating its Amazon EC2 based applications to use Instance Metadata Service Version 2 (IMDSv2). A security engineer needs to determine whether any of the EC2 instances are still using Instance Metadata Service Version 1 (IMDSv1).

What should the security engineer do to confirm that the IMDSv1 endpoint is no longer being used?

  • A. Configure logging on the Amazon CloudWatch agent for IMDSv1 as part of EC2 instance startup. Create a metric filter and a CloudWatch dashboard. Track the metric in the dashboard.
  • B. Create an Amazon CloudWatch dashboard. Verify that the EC2:MetadataNoToken metric is zero across all EC2 instances. Monitor the dashboard.
  • C. Create a security group that blocks access to HTTP for the IMDSv1 endpoint. Attach the security group to all EC2 instances.
  • D. Configure user data scripts for all EC2 instances to send logging information to AWS CloudTrail when IMDSv1 is used. Create a metric filter and an Amazon CloudWatch dashboard. Track the metric in the dashboard.
Suggested Answer: B

Comments

phmeeeee
3 weeks, 4 days ago
Selected Answer: B
Agree with @Pmktechno. EC2:MetadataNoToken is a built-in metric published by Amazon EC2 that counts the number of times the instance metadata service is accessed without a token, which is a characteristic of IMDSv1.
upvoted 1 times
Pmktechno
4 months ago
Selected Answer: B
EC2:MetadataNoToken Metric: This metric indicates the number of requests to the instance metadata service that do not use a token, which is a characteristic of IMDSv1. If this metric is zero, it means that no requests are being made to the IMDSv1 endpoint. Amazon CloudWatch Dashboard: By creating a dashboard, the security engineer can easily monitor this metric across all EC2 instances in real time. This method provides a straightforward and effective way to ensure that all instances have transitioned to using IMDSv2.
upvoted 1 times
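
The check the answers describe can also be run as a script instead of a dashboard. This is an added example, not part of the original discussion: it sums the `MetadataNoToken` metric (CloudWatch namespace `AWS/EC2`, dimension `InstanceId`) per instance through GetMetricData and reports instances with no datapoints separately from instances at zero. The function name, the stub client and the instance IDs are constructed for illustration; in practice pass `boto3.client("cloudwatch")`.

```python
from datetime import datetime, timedelta, timezone

def imdsv1_usage(cloudwatch, instance_ids, hours=24, period=3600):
    """Return (offenders, no_data): offenders maps instance id to the summed
    MetadataNoToken count; no_data lists ids that reported no datapoints."""
    end = datetime.now(timezone.utc)
    start = end - timedelta(hours=hours)
    offenders, no_data = {}, []
    # GetMetricData accepts at most 500 metric queries per request.
    for offset in range(0, len(instance_ids), 500):
        batch = instance_ids[offset:offset + 500]
        queries = [{
            "Id": f"m{n}",  # query ids must start with a lowercase letter
            "MetricStat": {
                "Metric": {"Namespace": "AWS/EC2",
                           "MetricName": "MetadataNoToken",
                           "Dimensions": [{"Name": "InstanceId", "Value": iid}]},
                "Period": period,
                "Stat": "Sum",
            },
        } for n, iid in enumerate(batch)]
        values = {iid: [] for iid in batch}
        token = None
        while True:  # follow NextToken until every datapoint is read
            extra = {"NextToken": token} if token else {}
            resp = cloudwatch.get_metric_data(MetricDataQueries=queries,
                                              StartTime=start, EndTime=end, **extra)
            for result in resp["MetricDataResults"]:
                values[batch[int(result["Id"][1:])]].extend(result["Values"])
            token = resp.get("NextToken")
            if not token:
                break
        for iid, points in values.items():
            if not points:
                no_data.append(iid)  # missing data is not proof of zero use
            elif sum(points) > 0:
                offenders[iid] = sum(points)
    return offenders, no_data

class FakeCloudWatch:
    """Constructed stand-in for boto3.client("cloudwatch"); runs offline."""
    DATA = {"i-0aaa1111": [0.0, 0.0], "i-0bbb2222": [3.0, 0.0, 12.0], "i-0ccc3333": []}
    def get_metric_data(self, MetricDataQueries, StartTime, EndTime, **_):
        return {"MetricDataResults": [
            {"Id": q["Id"],
             "Values": self.DATA[q["MetricStat"]["Metric"]["Dimensions"][0]["Value"]]}
            for q in MetricDataQueries]}
if __name__ == "__main__":
    print(imdsv1_usage(FakeCloudWatch(), list(FakeCloudWatch.DATA)))
```

An instance listed in `no_data` (stopped, or launched after the window) has not been shown to be free of IMDSv1 calls, so it is kept apart from instances whose sum is zero.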