Exam AWS Certified Security - Specialty topic 1 question 188 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 188
Topic #: 1

A Security Engineer has several thousand Amazon EC2 instances split across production and development environments. Each instance is tagged with its environment. The Engineer needs to analyze and patch all the development EC2 instances to ensure they are not currently exposed to any common vulnerabilities or exposures (CVEs).
Which combination of steps is the MOST efficient way for the Engineer to meet these requirements? (Choose two.)

  • A. Log on to each EC2 instance, check and export the different software versions installed, and verify this against a list of current CVEs.
  • B. Install the Amazon Inspector agent on all development instances. Build a custom rule package, and configure Inspector to perform a scan using this custom rule on all instances tagged as being in the development environment.
  • C. Install the Amazon Inspector agent on all development instances. Configure Inspector to perform a scan using this CVE rule package on all instances tagged as being in the development environment.
  • D. Install the Amazon EC2 System Manager agent on all development instances. Issue the Run command to EC2 System Manager to update all instances.
  • E. Use AWS Trusted Advisor to check that all EC2 instances have been patched to the most recent version of operating system and installed software.
Suggested Answer: CD

Comments

DayQuil
Highly Voted 3 years, 8 months ago
C and D. Use Inspector to scan each instance for vulnerabilities. Then use the SSM RunCommand to patch the fleet of dev EC2 instances.
upvoted 14 times
ITGURU51
Most Recent 2 years, 1 month ago
We need to deploy AWS Systems Manager to patch the development environment. C In addition, Amazon Inspector provides security assessments to detect software vulnerabilities which can be used to compromise the integrity of information systems. CD
upvoted 1 times
sapien45
2 years, 9 months ago
Selected Answer: CD
The rules in this package help verify whether the EC2 instances in your assessment targets are exposed to common vulnerabilities and exposures (CVEs). The CVE rules package is updated regularly. Attacks can exploit unpatched vulnerabilities to compromise the confidentiality, integrity, or availability of your service or data. The CVE system provides a reference method for publicly known information security vulnerabilities and exposures. If a particular CVE appears in a finding that is produced by an Amazon Inspector Classic assessment, you can search https://cve.mitre.org/ for the ID of the CVE.
upvoted 2 times
acloudguru
3 years, 6 months ago
Easy question, CD, hope I can get it in my exam.
upvoted 3 times
kiev
3 years, 7 months ago
Inspector for CVE and System Manager for patching updates, and therefore CD is the answer.
upvoted 2 times
sanjaym
3 years, 7 months ago
Agree. C & D
upvoted 4 times
JAWS1600
3 years, 8 months ago
Agree C and D https://docs.aws.amazon.com/inspector/latest/userguide/inspector_cves.html
upvoted 4 times
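
The scan-then-patch sequence from answers C and D, as an added example that is not part of the original thread: AWS CLI calls for Inspector Classic and Systems Manager Run Command, both scoped by tag. The tag key and value, the target and template names, and the one-hour duration are assumptions, and the CVE rules package ARN is a placeholder to fill in for your region.

```bash
#!/usr/bin/env bash
# Added example: CVE scan (Inspector Classic) and patch (SSM Run Command) by tag.
TAG_KEY="${TAG_KEY:-Environment}"       # assumed tag key
TAG_VALUE="${TAG_VALUE:-development}"   # assumed tag value
# Placeholder: the CVE rules package ARN differs per region; set it before scanning.
CVE_RULES_ARN="${CVE_RULES_ARN:-REPLACE_WITH_CVE_RULES_PACKAGE_ARN}"

# Start an Inspector Classic assessment run limited to the tagged instances.
scan_dev() {
  local rg target tmpl
  case "$CVE_RULES_ARN" in
    arn:*) ;;
    *) echo "set CVE_RULES_ARN to your region's CVE rules package ARN" >&2; return 2 ;;
  esac
  rg=$(aws inspector create-resource-group \
        --resource-group-tags "key=$TAG_KEY,value=$TAG_VALUE" \
        --query resourceGroupArn --output text) || return 1
  target=$(aws inspector create-assessment-target \
        --assessment-target-name "dev-cve-target" --resource-group-arn "$rg" \
        --query assessmentTargetArn --output text) || return 1
  tmpl=$(aws inspector create-assessment-template \
        --assessment-target-arn "$target" --assessment-template-name "dev-cve" \
        --duration-in-seconds 3600 --rules-package-arns "$CVE_RULES_ARN" \
        --query assessmentTemplateArn --output text) || return 1
  aws inspector start-assessment-run --assessment-template-arn "$tmpl" \
        --query assessmentRunArn --output text
}

# Run AWS-RunPatchBaseline on the tagged instances only.
# $1 = Scan (report missing patches) or Install (apply them).
patch_dev() {
  case "${1:-}" in
    Scan|Install) ;;
    *) echo "usage: patch_dev Scan|Install" >&2; return 2 ;;
  esac
  # Send to 10% of targets at a time; stop sending once errors pass the 5% limit.
  aws ssm send-command --document-name "AWS-RunPatchBaseline" \
      --targets "Key=tag:$TAG_KEY,Values=$TAG_VALUE" \
      --parameters "Operation=$1" \
      --max-concurrency "10%" --max-errors "5%" \
      --query Command.CommandId --output text
}

# Nothing runs unless a subcommand is given: scan | report | patch
case "${1:-}" in
  scan)   scan_dev ;;
  report) patch_dev Scan ;;
  patch)  patch_dev Install ;;
esac
```

Running `report` before `patch` lists missing patches without installing anything, so the tag scope can be confirmed on the development fleet first.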