Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Amazon Exam SCS-C02 Topic 2 Question 32 Discussion

Actual exam question for Amazon's SCS-C02 exam
Question #: 32
Topic #: 2
[All SCS-C02 Questions]

A company has AWS accounts in an organization in AWS Organizations. The company needs to install a corporate software package on all Amazon EC2 instances for all the accounts in the organization.

A central account provides base AMIs for the EC2 instances. The company uses AWS Systems Manager for software inventory and patching operations.

A security engineer must implement a solution that detects EC2 instances ttjat do not have the required software. The solution also must automatically install the software if the software is not present.

Which solution will meet these requirements?

Show Suggested Answer Hide Answer
Suggested Answer: C

Utilizing AWS Config with a custom AWS Config rule (ec2-managedinstance-applications-required) enables detection of EC2 instances lacking the required software across all accounts in an organization. By creating an Amazon EventBridge rule that triggers on AWS Config events, and configuring it to invoke an AWS Lambda function, automated actions can be taken to ensure compliance. The Lambda function can leverage AWS Systems Manager Run Command to install the necessary software on non-compliant instances. This approach ensures continuous compliance and automated remediation, aligning with best practices for cloud security and management.


Contribute your Thoughts:

Vincent
15 days ago
I'm not sure about option C. I think option A could also work by providing new AMIs with the software pre-installed and tagging them for easy identification.
upvoted 0 times
...
Geraldine
17 days ago
I agree with Micaela. Using AWS Config with EventBridge and Lambda function to install the software centrally is efficient and effective.
upvoted 0 times
...
Ira
19 days ago
Wow, these options are all quite technical. I'd need a Ph.D. in AWS to understand them properly. Maybe I should just ask Alexa for help.
upvoted 0 times
...
Vince
20 days ago
Option D is the way to go! Simplicity is key, and using Systems Manager Distributor to install the software makes it a breeze.
upvoted 0 times
Yun
2 days ago
Yes, Option D is the most straightforward way to ensure all EC2 instances have the required software installed.
upvoted 0 times
...
Jennifer
2 days ago
Option D is definitely the best choice. Using Systems Manager Distributor makes the software installation process easy.
upvoted 0 times
...
Miesha
11 days ago
I agree, using Systems Manager Distributor is a simple and efficient solution for this scenario.
upvoted 0 times
...
Elliot
13 days ago
Option D is definitely the best choice. Systems Manager Distributor makes it easy to install the software on all EC2 instances.
upvoted 0 times
...
...
Yasuko
1 months ago
I wonder if the software package comes with a '90s-style screensaver. That would really seal the deal for me.
upvoted 0 times
...
Macy
1 months ago
Option C seems like the most comprehensive solution. Leveraging AWS Config, EventBridge, and Lambda to automate the process is a clever approach.
upvoted 0 times
...
Micaela
1 months ago
I think option C is the best solution. Enabling AWS Config and setting up the required rule seems like a good way to detect and install the software.
upvoted 0 times
...

Save Cancel