What should the security engineer do to meet these requirements?
Use AWS Systems Manager Patch Manager to view vulnerability identifiers for missing patches on the instances. Use Patch Manager also to automate the patching process.
Use AWS Shield Advanced to view vulnerability identifiers for missing patches on the instances. Use AWS Systems Manager Patch Manager to automate the patching process.
Use Amazon GuardDuty to view vulnerability identifiers for missing patches on the instances. Use Amazon Inspector to automate the patching process.
Use Amazon Inspector to view vulnerability identifiers for missing patches on the instances. Use Amazon Inspector also to automate the patching process.
Explanations:
AWS Systems Manager Patch Manager is specifically designed to manage patching for EC2 instances. It lets you view vulnerability identifiers for missing patches and automates the patching process, so it meets both requirements: verification and remediation.
AWS Shield Advanced is primarily a DDoS protection service and does not provide capabilities for viewing vulnerability identifiers or managing patching on EC2 instances. Although AWS Systems Manager Patch Manager can automate patching, the inclusion of Shield Advanced makes this option incorrect.
Amazon GuardDuty is a threat detection service that monitors for malicious activity and unauthorized behavior, but it does not provide visibility into patch vulnerabilities. Amazon Inspector does offer vulnerability assessments, but it does not automate patching. This option fails to meet the requirements.
Amazon Inspector can identify vulnerabilities in instances and show their vulnerability identifiers, but it does not automate the patching process or provide automatic remediation. Thus, this option does not fully meet the requirements.