Amazon Exam DOP-C02 Topic 6 Question 29 Discussion

Actual exam question for Amazon's DOP-C02 exam
Question #: 29
Topic #: 6

A company uses Amazon EC2 as its primary compute platform. A DevOps team wants to audit the company's EC2 instances to check whether any prohibited applications have been installed on the EC2 instances.

Which solution will meet these requirements with the MOST operational efficiency?

Suggested Answer: A

* Configure AWS Systems Manager on Each Instance:

AWS Systems Manager provides a unified interface for managing AWS resources. Install the Systems Manager agent on each EC2 instance to enable inventory management and other features.

* Use AWS Systems Manager Inventory:

Systems Manager Inventory collects metadata about your instances and the software installed on them. This data includes information about applications, network configurations, and more.

Enable Systems Manager Inventory on all EC2 instances to gather detailed information about installed applications.

* Use Systems Manager Resource Data Sync to Synchronize and Store Findings in an Amazon S3 Bucket:

Resource Data Sync aggregates inventory data from multiple accounts and regions into a single S3 bucket, making it easier to query and analyze the data.

Configure Resource Data Sync to automatically transfer inventory data to an S3 bucket for centralized storage.

* Create an AWS Lambda Function that Runs When New Objects are Added to the S3 Bucket:

Use an S3 event to trigger a Lambda function whenever new inventory data is added to the S3 bucket.

The Lambda function can parse the inventory data and check for the presence of prohibited applications.

* Configure the Lambda Function to Identify Prohibited Applications:

The Lambda function should be programmed to scan the inventory data for any known prohibited applications and generate alerts or take appropriate actions if such applications are found.

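Example Lambda function in Python

```python
import json
from urllib.parse import unquote_plus

import boto3


def lambda_handler(event, context):
    s3 = boto3.client('s3')

    # The S3 event names the bucket and object that triggered this invocation.
    bucket = event['Records'][0]['s3']['bucket']['name']
    # Object keys in S3 event notifications are URL-encoded; decode before use.
    key = unquote_plus(event['Records'][0]['s3']['object']['key'])

    response = s3.get_object(Bucket=bucket, Key=key)
    inventory_data = json.loads(response['Body'].read().decode('utf-8'))

    prohibited_apps = ['app1', 'app2']

    # This example assumes the object holds an 'Instances' list, each entry
    # carrying an 'InstanceId' and a list of 'Applications'.
    for instance in inventory_data['Instances']:
        for app in instance['Applications']:
            if app['Name'] in prohibited_apps:
                # Send notification or take action
                print(f"Prohibited application found: {app['Name']} on instance {instance['InstanceId']}")

    return {'statusCode': 200, 'body': json.dumps('Check completed')}
```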

By leveraging AWS Systems Manager Inventory, Resource Data Sync, and Lambda, this solution provides an efficient and automated way to audit EC2 instances for prohibited applications.
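The check the Lambda function performs can be kept as a pure function and tested without AWS access. The following is an added example, not code from the original page: it assumes the synced object is newline-delimited JSON with one application record per line carrying `Name`, `Version` and `resourceId` fields, and that application inventory sits under an `AWS:Application` key segment; the deny-list patterns and sample data are constructed.

```python
import fnmatch
import json
from urllib.parse import unquote_plus

# Assumed deny-list; patterns are matched case-insensitively against the package name.
PROHIBITED_PATTERNS = ["nmap*", "*torrent*", "telnet-server"]
# Assumption: application inventory objects live under this key segment.
APPLICATION_SEGMENT = "AWS:Application"


def is_application_object(raw_key):
    """S3 event keys arrive URL-encoded (':' becomes '%3A'); decode before matching."""
    return APPLICATION_SEGMENT in unquote_plus(raw_key).split("/")


def find_prohibited(body, patterns=PROHIBITED_PATTERNS):
    """Return (findings, malformed_line_count) for one inventory object body."""
    findings, malformed = [], 0
    lowered = [p.lower() for p in patterns]
    for line in body.splitlines():
        if not line.strip():
            continue
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            record = None
        if not isinstance(record, dict):
            malformed += 1  # count bad lines instead of aborting the audit
            continue
        # Normalise so 'Nmap' and ' nmap ' cannot slip past an exact-match list.
        name = str(record.get("Name", "")).strip().lower()
        if any(fnmatch.fnmatchcase(name, p) for p in lowered):
            findings.append({
                "instance": record.get("resourceId", "unknown"),
                "name": record.get("Name"),
                "version": record.get("Version"),
            })
    return findings, malformed


# Constructed sample key and body (not real inventory data).
SAMPLE_KEY = "AWS%3AApplication/accountid=111122223333/region=us-east-1/i-0abc.json"
SAMPLE_BODY = "\n".join([
    '{"Name": "openssl", "Version": "1.1.1", "resourceId": "i-0abc"}',
    '{"Name": "Nmap", "Version": "7.94", "resourceId": "i-0abc"}',
    'not-json{',
    '{"Name": " qBittorrent ", "Version": "4.6", "resourceId": "i-0abc"}',
])
```

A non-zero malformed count is worth alerting on in its own right, since an audit that silently skips unreadable records reports a clean result it has not earned.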



Contribute your Thoughts:

Ardella
12 days ago
Option A is the way to go, but I can't help but chuckle at the thought of someone trying to sneak in 'prohibited applications' on their EC2 instances. What, are they running Doom in the background or something?
upvoted 0 times
...
Enola
14 days ago
Option D is like using a sledgehammer to crack a nut. CloudWatch Logs and custom scripts? Overkill if you ask me.
upvoted 0 times
...
Avery
24 days ago
That's a valid point, Billye. It's important to consider all options before making a decision.
upvoted 0 times
...
Merilyn
28 days ago
While Option B and C also use Systems Manager Inventory, the additional step of creating AWS Config rules or filtering CloudTrail events makes them a bit more complex. Option A is the clear winner here.
upvoted 0 times
Chun
5 days ago
Definitely, having a Lambda function automatically identify prohibited applications is a great idea.
upvoted 0 times
...
Leana
17 days ago
It's important to streamline the process for auditing EC2 instances.
upvoted 0 times
...
Sylvia
18 days ago
I agree, using AWS Systems Manager Inventory and a Lambda function seems like the simplest approach.
upvoted 0 times
...
Dominque
19 days ago
Option A is definitely the most efficient solution.
upvoted 0 times
...
...
Billye
29 days ago
I see your point, Silvana. However, I think option C could also be a good solution by filtering a trail in AWS CloudTrail for Systems Manager Inventory events.
upvoted 0 times
...
Silvana
30 days ago
I disagree, I believe option B is more efficient as it utilizes AWS Config rules to monitor changes from Systems Manager Inventory.
upvoted 0 times
...
Kimbery
1 month ago
I agree, Option A is the way to go. The ability to store the findings in an S3 bucket and then use a Lambda function to analyze them is really efficient.
upvoted 0 times
Sabine
23 hours ago
I think Option B could also work well. Configuring AWS Config rules to monitor changes from Systems Manager Inventory seems like a good approach.
upvoted 0 times
...
Rozella
3 days ago
Option A is definitely the most efficient. Storing findings in an S3 bucket and using a Lambda function is a smart move.
upvoted 0 times
...
Kami
4 days ago
I agree, Option A seems like the most effective solution. Storing data in S3 and using a Lambda function is a great approach.
upvoted 0 times
...
Iluminada
13 days ago
I think Option A is the best choice too. It's a streamlined process for identifying prohibited applications.
upvoted 0 times
...
Josephine
24 days ago
Option A is definitely the most efficient. Storing findings in an S3 bucket and using a Lambda function is smart.
upvoted 0 times
...
...
Marjory
2 months ago
Option A seems like the most comprehensive solution to audit the EC2 instances. Leveraging AWS Systems Manager and Lambda to automate the process is a great approach.
upvoted 0 times
Dudley
5 days ago
Definitely, having automated checks in place can save time and resources for the DevOps team.
upvoted 0 times
...
Jonell
11 days ago
It's important to have a streamlined process for auditing to ensure compliance with company policies.
upvoted 0 times
...
Laura
15 days ago
I agree, using Systems Manager Inventory and syncing the findings to an S3 bucket for analysis is efficient.
upvoted 0 times
...
Ricki
19 days ago
Option A seems like the most comprehensive solution to audit the EC2 instances. Leveraging AWS Systems Manager and Lambda to automate the process is a great approach.
upvoted 0 times
...
...
Avery
2 months ago
I think option A is the best choice because it uses AWS Systems Manager Inventory and AWS Lambda function to identify prohibited applications.
upvoted 0 times
...
