Which solution will meet these requirements?

By:
In: SAA-C03
Tagged:
With: 1 Comment
A security audit reveals that Amazon EC2 instances are not being patched regularly.A solutions architect needs to provide a solution that will run regular security scans across a large fleet of EC2 instances.The solution should also patch the EC2 instances on a regular schedule and provide a report of each instance’s patch status.

Which solution will meet these requirements?

Set up Amazon Macie to scan the EC2 instances for software vulnerabilities. Set up a cron job on each EC2 instance to patch the instance on a regular schedule.

Turn on Amazon GuardDuty in the account. Configure GuardDuty to scan the EC2 instances for software vulnerabilities. Set up AWS Systems Manager Session Manager to patch the EC2 instances on a regular schedule.

Set up Amazon Detective to scan the EC2 instances for software vulnerabilities. Set up an Amazon EventBridge scheduled rule to patch the EC2 instances on a regular schedule.

Turn on Amazon Inspector in the account. Configure Amazon Inspector to scan the EC2 instances for software vulnerabilities. Set up AWS Systems Manager Patch Manager to patch the EC2 instances on a regular schedule.

Explanations:

Amazon Macie is primarily focused on data security and protection, not on scanning EC2 instances for software vulnerabilities. Additionally, using cron jobs on individual instances for patching is not scalable or manageable for large fleets.

Amazon GuardDuty is a threat detection service, not designed for scanning EC2 instances for software vulnerabilities. While AWS Systems Manager Session Manager can assist in managing instances, it does not provide an automated patching solution without additional configuration.

Amazon Detective is used for security investigation and analysis, not for scanning EC2 instances for software vulnerabilities. EventBridge can be used for scheduling, but it does not inherently provide patch management capabilities.

Amazon Inspector is specifically designed to assess security vulnerabilities in EC2 instances. AWS Systems Manager Patch Manager can automate the process of patching EC2 instances on a regular schedule, meeting the requirements for vulnerability scanning and patch management.

2025-10-13

1 Comment

  1. Samantha
    Author

    As I recall, the answer is:
    Turn on Amazon Inspector in the account. Configure Amazon Inspector to scan the EC2 instances for software vulnerabilities. Set up AWS Systems Manager Patch Manager to patch the EC2 instances on a regular schedule.

Leave a Reply

Your email address will not be published. Required fields are marked *

4 + 18 =