Amazon Exam DOP-C02 Topic 6 Question 29 Discussion

Actual exam question for Amazon's DOP-C02 exam
Question #: 29
Topic #: 6

A company uses Amazon EC2 as its primary compute platform. A DevOps team wants to audit the company's EC2 instances to check whether any prohibited applications have been installed on the EC2 instances.

Which solution will meet these requirements with the MOST operational efficiency?

Suggested Answer: A

* Configure AWS Systems Manager on Each Instance:

AWS Systems Manager provides a unified interface for managing AWS resources. Install the Systems Manager agent on each EC2 instance to enable inventory management and other features.

* Use AWS Systems Manager Inventory:

Systems Manager Inventory collects metadata about your instances and the software installed on them. This data includes information about applications, network configurations, and more.

Enable Systems Manager Inventory on all EC2 instances to gather detailed information about installed applications.

* Use Systems Manager Resource Data Sync to Synchronize and Store Findings in an Amazon S3 Bucket:

Resource Data Sync aggregates inventory data from multiple accounts and regions into a single S3 bucket, making it easier to query and analyze the data.

Configure Resource Data Sync to automatically transfer inventory data to an S3 bucket for centralized storage.

* Create an AWS Lambda Function that Runs When New Objects are Added to the S3 Bucket:

Use an S3 event to trigger a Lambda function whenever new inventory data is added to the S3 bucket.

The Lambda function can parse the inventory data and check for the presence of prohibited applications.

* Configure the Lambda Function to Identify Prohibited Applications:

The Lambda function should be programmed to scan the inventory data for any known prohibited applications and generate alerts or take appropriate actions if such applications are found.

Example Lambda function in Python:

```python
import json

import boto3


def lambda_handler(event, context):
    s3 = boto3.client('s3')
    # The S3 event names the bucket and key of the newly synced inventory object
    bucket = event['Records'][0]['s3']['bucket']['name']
    key = event['Records'][0]['s3']['object']['key']
    response = s3.get_object(Bucket=bucket, Key=key)
    inventory_data = json.loads(response['Body'].read().decode('utf-8'))
    prohibited_apps = ['app1', 'app2']  # placeholder names for the prohibited list
    for instance in inventory_data['Instances']:
        for app in instance['Applications']:
            if app['Name'] in prohibited_apps:
                # Send notification or take action
                print(f"Prohibited application found: {app['Name']} on instance {instance['InstanceId']}")
    return {'statusCode': 200, 'body': json.dumps('Check completed')}
```

By leveraging AWS Systems Manager Inventory, Resource Data Sync, and Lambda, this solution provides an efficient and automated way to audit EC2 instances for prohibited applications.
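As an added example (not from this page or from AWS), the same check written so a team could actually operate it: the prohibited list is a policy keyed by application name with an optional version regex, it is read from an environment variable instead of being hard-coded, every record in the S3 event is processed, and findings are returned as structured data rather than only printed. The Instances/Applications document layout, the PROHIBITED_APPS variable name, the application names and the instance IDs are constructed assumptions.

```python
import json
import os
import re

# Policy: lower-case app name -> version regex that marks it prohibited, or None for every version.
DEFAULT_POLICY = {
    "torrentclient": None,  # constructed: never allowed
    "openssl": r"^1\.0\.",  # constructed: 1.0.x builds are prohibited, newer ones are fine
}

def load_policy():
    """Read the policy as JSON from the PROHIBITED_APPS env var, else use the default."""
    raw = os.environ.get("PROHIBITED_APPS")
    return json.loads(raw) if raw else DEFAULT_POLICY

def find_prohibited(inventory, policy):
    """Return one finding per (instance, application) that violates the policy.
    Uses the Instances/Applications layout the answer above assumes; records that
    lack either key are skipped instead of raising."""
    findings = []
    for instance in inventory.get("Instances", []):
        for app in instance.get("Applications", []):
            name = str(app.get("Name", "")).lower()
            if name not in policy:
                continue
            version = str(app.get("Version", ""))
            if policy[name] is None or re.search(policy[name], version):
                findings.append({"InstanceId": instance.get("InstanceId", "unknown"),
                                 "Name": app.get("Name"), "Version": version})
    return findings

def lambda_handler(event, context):
    """S3-event entry point: every Record is one newly synced inventory object."""
    import boto3  # imported here so the parsing logic above runs without the AWS SDK
    s3 = boto3.client("s3")
    policy, findings = load_policy(), []
    for record in event.get("Records", []):
        bucket, key = record["s3"]["bucket"]["name"], record["s3"]["object"]["key"]
        body = s3.get_object(Bucket=bucket, Key=key)["Body"].read().decode("utf-8")
        findings.extend(find_prohibited(json.loads(body), policy))
    for f in findings:  # in production publish to SNS or Security Hub instead of printing
        print(f"Prohibited application found: {f['Name']} {f['Version']} on {f['InstanceId']}")
    return {"statusCode": 200, "body": json.dumps({"findings": findings})}

# Constructed sample inventory document, in the layout the answer above assumes.
SAMPLE_INVENTORY = {"Instances": [
    {"InstanceId": "i-0123456789abcdef0", "Applications": [
        {"Name": "TorrentClient", "Version": "3.1"}, {"Name": "openssl", "Version": "1.0.2k"}]},
    {"InstanceId": "i-0fedcba9876543210", "Applications": [{"Name": "OpenSSL", "Version": "3.0.9"}]},
]}
```

Running `find_prohibited(SAMPLE_INVENTORY, DEFAULT_POLICY)` flags both applications on the first instance and nothing on the second, because OpenSSL 3.0.9 does not match the 1.0.x rule.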

References:

* AWS Systems Manager Inventory
* AWS Systems Manager Resource Data Sync
* S3 Event Notifications
* AWS Lambda

Contribute your Thoughts:

Ardella
4 months ago
Option A is the way to go, but I can't help but chuckle at the thought of someone trying to sneak in 'prohibited applications' on their EC2 instances. What, are they running Doom in the background or something?
upvoted 0 times
Enola
4 months ago
Option D is like using a sledgehammer to crack a nut. CloudWatch Logs and custom scripts? Overkill if you ask me.
upvoted 0 times
Titus
3 months ago
B: I think option A might be more efficient. Using Systems Manager Inventory and a Lambda function seems like a more streamlined approach.
upvoted 0 times
Avery
3 months ago
A: I agree, option D does seem like overkill. There must be a simpler solution.
upvoted 0 times
Avery
4 months ago
That's a valid point, Billye. It's important to consider all options before making a decision.
upvoted 0 times
Merilyn
4 months ago
While Option B and C also use Systems Manager Inventory, the additional step of creating AWS Config rules or filtering CloudTrail events makes them a bit more complex. Option A is the clear winner here.
upvoted 0 times
Chun
4 months ago
Definitely, having a Lambda function automatically identify prohibited applications is a great idea.
upvoted 0 times
Leana
4 months ago
It's important to streamline the process for auditing EC2 instances.
upvoted 0 times
Sylvia
4 months ago
I agree, using AWS Systems Manager Inventory and a Lambda function seems like the simplest approach.
upvoted 0 times
Dominque
4 months ago
Option A is definitely the most efficient solution.
upvoted 0 times
Billye
4 months ago
I see your point, Silvana. However, I think option C could also be a good solution by filtering a trail in AWS CloudTrail for Systems Manager Inventory events.
upvoted 0 times
Silvana
4 months ago
I disagree; I believe option B is more efficient as it utilizes AWS Config rules to monitor changes from Systems Manager Inventory.
upvoted 0 times
Kimbery
5 months ago
I agree, Option A is the way to go. The ability to store the findings in an S3 bucket and then use a Lambda function to analyze them is really efficient.
upvoted 0 times
Kristel
3 months ago
I agree, Option A seems like the best choice. Using Systems Manager Inventory and AWS Lambda for analysis is a great combination.
upvoted 0 times
Sabine
4 months ago
I think Option B could also work well. Configuring AWS Config rules to monitor changes from Systems Manager Inventory seems like a good approach.
upvoted 0 times
Rozella
4 months ago
Option A is definitely the most efficient. Storing findings in an S3 bucket and using a Lambda function is a smart move.
upvoted 0 times
Kami
4 months ago
I agree, Option A seems like the most effective solution. Storing data in S3 and using a Lambda function is a great approach.
upvoted 0 times
Iluminada
4 months ago
I think Option A is the best choice too. It's a streamlined process for identifying prohibited applications.
upvoted 0 times
Josephine
4 months ago
Option A is definitely the most efficient. Storing findings in an S3 bucket and using a Lambda function is smart.
upvoted 0 times
Marjory
5 months ago
Option A seems like the most comprehensive solution to audit the EC2 instances. Leveraging AWS Systems Manager and Lambda to automate the process is a great approach.
upvoted 0 times
Dudley
4 months ago
Definitely, having automated checks in place can save time and resources for the DevOps team.
upvoted 0 times
Jonell
4 months ago
It's important to have a streamlined process for auditing to ensure compliance with company policies.
upvoted 0 times
Laura
4 months ago
I agree, using Systems Manager Inventory and syncing the findings to an S3 bucket for analysis is efficient.
upvoted 0 times
Ricki
4 months ago
Option A seems like the most comprehensive solution to audit the EC2 instances. Leveraging AWS Systems Manager and Lambda to automate the process is a great approach.
upvoted 0 times
Avery
5 months ago
I think option A is the best choice because it uses AWS Systems Manager Inventory and AWS Lambda function to identify prohibited applications.
upvoted 0 times