
Exam AWS DevOps Engineer Professional topic 1 question 11 discussion

Exam question from Amazon's AWS DevOps Engineer Professional
Question #: 11
Topic #: 1

A company wants to ensure that their EC2 instances are secure. They want to be notified if any new vulnerabilities are discovered on their instances, and they also want an audit trail of all login activities on the instances.
Which solution will meet these requirements?

  • A. Use AWS Systems Manager to detect vulnerabilities on the EC2 instances. Install the Amazon Kinesis Agent to capture system logs and deliver them to Amazon S3.
  • B. Use AWS Systems Manager to detect vulnerabilities on the EC2 instances. Install the Systems Manager Agent to capture system logs and view login activity in the CloudTrail console.
  • C. Configure Amazon CloudWatch to detect vulnerabilities on the EC2 instances. Install the AWS Config daemon to capture system logs and view them in the AWS Config console.
  • D. Configure Amazon Inspector to detect vulnerabilities on the EC2 instances. Install the Amazon CloudWatch Agent to capture system logs and record them via Amazon CloudWatch Logs.
Suggested Answer: D 🗳️
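To make the two halves of answer D concrete, here is an added example, written for this page and not taken from the exam, from AWS, or from any commenter. It builds the CloudWatch agent configuration that ships the Linux authentication logs (where sshd, sudo and login events are written) to CloudWatch Logs, and an EventBridge event pattern that selects active CRITICAL/HIGH Amazon Inspector findings so they can be routed to a notification target. A small matcher implementing EventBridge's exact-match semantics (a list means "any of these values", a nested dict recurses) lets you check the pattern against a constructed finding offline. The log group name, the instance id and the severity/status filter are assumptions, not page values.

```python
import json

# Constructed CloudWatch agent configuration (not from the exam page). It collects the
# authentication logs of both common Linux families; "{instance_id}" is substituted by
# the agent itself. The log group name is a placeholder.
CW_AGENT_CONFIG = {
    "logs": {
        "logs_collected": {
            "files": {
                "collect_list": [
                    {
                        "file_path": "/var/log/secure",       # Amazon Linux / RHEL family
                        "log_group_name": "/ec2/auth-audit",  # placeholder
                        "log_stream_name": "{instance_id}",
                        "timezone": "UTC",
                    },
                    {
                        "file_path": "/var/log/auth.log",     # Debian / Ubuntu family
                        "log_group_name": "/ec2/auth-audit",  # placeholder
                        "log_stream_name": "{instance_id}",
                        "timezone": "UTC",
                    },
                ]
            }
        }
    }
}

# Constructed EventBridge event pattern for Amazon Inspector findings. The source and
# detail-type are the Inspector v2 event values; the severity/status filter is an
# assumption about what the company wants to be notified of.
INSPECTOR_RULE_PATTERN = {
    "source": ["aws.inspector2"],
    "detail-type": ["Inspector2 Finding"],
    "detail": {
        "severity": ["CRITICAL", "HIGH"],
        "status": ["ACTIVE"],
    },
}


def collected_paths(config):
    """Return the file paths the agent config actually collects."""
    files = config["logs"]["logs_collected"]["files"]["collect_list"]
    return [entry["file_path"] for entry in files]


def covers_login_logs(config, required=("/var/log/secure", "/var/log/auth.log")):
    """True when every required auth log path is present in the collect list."""
    return set(required).issubset(collected_paths(config))


def event_matches(pattern, event):
    """Minimal EventBridge exact-match semantics: every pattern key must exist in the
    event; a list means "any of these values"; a nested dict is matched recursively."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        actual = event[key]
        if isinstance(expected, dict):
            if not isinstance(actual, dict) or not event_matches(expected, actual):
                return False
        elif actual not in expected:
            return False
    return True


def sample_finding(severity="HIGH", status="ACTIVE"):
    """Constructed Inspector2 finding event, trimmed to the fields this example uses."""
    return {
        "source": "aws.inspector2",
        "detail-type": "Inspector2 Finding",
        "detail": {
            "severity": severity,
            "status": status,
            "type": "PACKAGE_VULNERABILITY",
            # placeholder instance id
            "resources": [{"type": "AWS_EC2_INSTANCE", "id": "i-0123456789abcdef0"}],
        },
    }


if __name__ == "__main__":
    print(json.dumps(CW_AGENT_CONFIG, indent=2))
    print("auth logs covered:", covers_login_logs(CW_AGENT_CONFIG))
    print("HIGH finding triggers rule:", event_matches(INSPECTOR_RULE_PATTERN, sample_finding()))
    print("LOW finding triggers rule:", event_matches(INSPECTOR_RULE_PATTERN, sample_finding("LOW")))
```

The split mirrors the answer: Inspector produces the vulnerability findings and EventBridge turns them into notifications, while the CloudWatch agent provides the per-instance login audit trail that CloudTrail (which records API calls, not OS logins) cannot. Closed findings and low-severity noise are filtered out by the pattern rather than by the downstream consumer.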

Comments

devopp
Highly Voted 3 years, 8 months ago
Has to be D with Inspector & CW Logging there.
upvoted 17 times
atchechemuch
Most Recent 1 year, 1 month ago
Selected Answer: B
Amazon Inspector is for apps / software in the EC2. The question only mentions the vulnerability of the instances themselves.
upvoted 1 times
DaddyDee
1 year, 12 months ago
Answer is D. Inspector = Vulnerabilities, Instance level audit logs (not account level login logs) CW agent
upvoted 2 times
rinky24
2 years ago
B. It depends on which resources you’re scanning. AWS Systems Manager Agent (SSM Agent) is required for vulnerability scanning of Amazon EC2 instances. No agents are required for network reachability of Amazon EC2 instances and vulnerability scanning of container images, or for vulnerability scanning of Lambda functions.
upvoted 1 times
ParagSanyashiv
2 years, 2 months ago
Selected Answer: D
D is the correct answer as we have to detect vulnerabilities and send them to CloudTrail. AWS Inspector works here.
upvoted 1 times
mgonblan
2 years, 2 months ago
B isn't good because we need a SIEM to send the logging information from cloudtrail. We could use Inspector to detect vulnerabilities on EC2 instances.
upvoted 1 times
Tika01
2 years, 3 months ago
Amazon Inspector is a service that automatically assesses applications for vulnerabilities and compliance issues. It is integrated with Amazon EC2 instances and can automatically scan instances for known vulnerabilities. Installing the Amazon CloudWatch agent on the instances allows for capturing system logs and recording them via Amazon CloudWatch Logs. With this setup, the company can receive notifications for new vulnerabilities and also have an audit trail of login activities on the instances.
upvoted 2 times
sasa33_p
2 years, 4 months ago
Selected Answer: D
Only Amazon Inspector can detect vulnerabilities.
upvoted 2 times
Flysun
2 years, 4 months ago
D is correct. Only Amazon Inspector can detect vulnerabilities.
upvoted 2 times
Kuntazulu
2 years, 4 months ago
Definitely D. You use the CloudWatch agent to get the login info in the EC2, not SSM.
upvoted 2 times
thuyeinaung
2 years, 4 months ago
Selected Answer: D
D is the right ans
upvoted 2 times
PepsNick
2 years, 5 months ago
Selected Answer: B
It actually is B even though you would think D. Have a look at this article: https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-compliance.html

Compliance offers the following additional benefits and features: View compliance history and change tracking for Patch Manager patching data and State Manager associations by using AWS Config. Customize Compliance to create your own compliance types based on your IT or business requirements. Remediate issues by using Run Command, another capability of AWS Systems Manager, State Manager, or Amazon EventBridge. Port data to Amazon Athena and Amazon QuickSight to generate fleet-wide reports.
upvoted 3 times
penelop
2 years, 5 months ago
Wrong. Compliance != Security. SSM Compliance is used to ensure the software satisfies your company's standard, but it does not check for vulnerabilities in said patches.
upvoted 6 times
Bulti
2 years, 6 months ago
D is the correct answer
upvoted 1 times
jlb
2 years, 7 months ago
D: AWS Inspector for vulnerability scans
upvoted 1 times
XAvenger
2 years, 8 months ago
Selected Answer: D
D. SSM can be used to check if configuration is compliant, but Inspector is used to check EC2 vulnerabilities.
upvoted 4 times
Vasudevay
2 years, 8 months ago
Selected Answer: B
B seems right as it requires a login trail as well >> CloudTrail. System vulnerability >> can be detected by SSM via SSM agent installation.
upvoted 2 times
Arbaj
2 years, 9 months ago
Obvious choice, Inspector! For any vulnerability at instance level. And CloudWatch to log all actions.
upvoted 2 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other