What should the security engineer do to meet these requirements?

By:
In: SCS-C01
Tagged:
With: 1 Comment
A company uses Amazon EC2 Linux instances in the AWS Cloud.A member of the company’s security team recently received a report about common vulnerability identifiers on the instances.A security engineer needs to verify patching and perform remediation if the instances do not have the correct patches installed.The security engineer must determine which EC2 instances are at risk and must implement a solution to automatically update those instances with the applicable patches.

What should the security engineer do to meet these requirements?

Use AWS Systems Manager Patch Manager to view vulnerability identifiers for missing patches on the instances. Use Patch Manager also to automate the patching process.

Use AWS Shield Advanced to view vulnerability identifiers for missing patches on the instances. Use AWS Systems Manager Patch Manager to automate the patching process.

Use Amazon GuardDuty to view vulnerability identifiers for missing patches on the instances. Use Amazon Inspector to automate the patching process.

Use Amazon Inspector to view vulnerability identifiers for missing patches on the instances. Use Amazon Inspector also to automate the patching process.

Explanations:

AWS Systems Manager Patch Manager is specifically designed to manage patching for EC2 instances. It allows for viewing vulnerability identifiers for missing patches and automates the patching process, meeting both requirements of verification and remediation effectively.

AWS Shield Advanced is primarily a DDoS protection service and does not provide capabilities for viewing vulnerability identifiers or managing patching on EC2 instances. Although AWS Systems Manager Patch Manager can automate patching, the inclusion of Shield Advanced makes this option incorrect.

Amazon GuardDuty is a threat detection service that monitors for malicious activity and unauthorized behavior, but it does not provide visibility into patch vulnerabilities. Amazon Inspector does offer vulnerability assessments, but it does not automate patching. This option fails to meet the requirements.

Amazon Inspector can be used to identify vulnerabilities in instances, but it does not automate the patching process. While it can view vulnerability identifiers, it does not provide a solution for automatic remediation. Thus, this option does not fully meet the requirements.

2025-10-04

1 Comment

  1. Jean
    Author

    I infer that the answer is:
    Use AWS Systems Manager Patch Manager to view vulnerability identifiers for missing patches on the instances. Use Patch Manager also to automate the patching process.

Leave a Reply

Your email address will not be published. Required fields are marked *

one × 3 =