Amazon Exam SAP-C01 Topic 3 Question 43 Discussion

Actual exam question for Amazon's SAP-C01 exam

Question #: 43
Topic #: 3

A company's security compliance requirements state that all Amazon EC2 images must be scanned for vulnerabilities and must pass a CVE assessment A solutions architect is developing a mechanism to create security-approved AMIs that can be used by developers Any new AMIs should go through an automated assessment process and be marked as approved before developers can use them The approved images must be scanned every 30 days to ensure compliance

Which combination of steps should the solutions architect take to meet these requirements while following best practices'? (Select TWO )

AUse the AWS Systems Manager EC2 agent to run the CVE assessment on the EC2 instances launched from the AMIs that need to be scanned

BUse AWS Lambda to write automatic approval rules Store the approved AMI list in AWS Systems Manager Parameter Store Use Amazon EventBridge to trigger an AWS Systems Manager Automation document on all EC2 instances every 30 days.

CUse Amazon Inspector to run the CVE assessment on the EC2 instances launched from the AMIs that need to be scanned

DUse AWS Lambda to write automatic approval rules Store the approved AMI list in AWS Systems Manager Parameter Store Use a managed AWS Config rule for continuous scanning on all EC2 instances, and use AWS Systems Manager Automation documents for remediation

EUse AWS CloudTrail to run the CVE assessment on the EC2 instances launched from the AMIs that need to be scanned

Show Suggested Answer

Suggested Answer: B, C

by Lavonda at May 06, 2022, 03:10 PM

Limited Time Offer

25%

Off

Get Premium SAP-C01 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!