How can the company meet these requirements?
(Choose three.)
Use AWS Config to ensure all EC2 instances are managed by Amazon Inspector.
Use AWS Config to ensure all EC2 instances are managed by AWS Systems Manager.
Use AWS Systems Manager to install and manage Amazon Inspector, Systems Manager Patch Manager, and the Amazon CloudWatch agent on all instances.
Use Amazon Inspector to install and manage AWS Systems Manager, Systems Manager Patch Manager, and the Amazon CloudWatch agent on all instances.
Use AWS Systems Manager maintenance windows with Systems Manager Run Command to schedule Systems Manager Patch Manager tasks. Use the Amazon CloudWatch agent to schedule Amazon Inspector assessment runs.
Use AWS Systems Manager maintenance windows with Systems Manager Run Command to schedule Systems Manager Patch Manager tasks. Use Amazon CloudWatch Events to schedule Amazon Inspector assessment runs.
Explanations:
AWS Config can be used to ensure EC2 instances are managed by AWS Systems Manager, which is responsible for standardizing configurations like patching and logging.
AWS Systems Manager can manage Amazon Inspector, Systems Manager Patch Manager, and the CloudWatch agent across EC2 instances, which helps in central management, security assessments, patching, and logging.
Using AWS Systems Manager maintenance windows with Systems Manager Run Command helps schedule patching tasks. Amazon CloudWatch Events can automate the scheduling of Amazon Inspector assessments, meeting all policy requirements.
AWS Config ensures compliance but doesn’t manage EC2 instances via Amazon Inspector. It tracks configuration changes and compliance; it doesn’t directly install or manage services like Amazon Inspector.
Amazon Inspector doesn’t manage or install AWS Systems Manager, Patch Manager, or the CloudWatch agent. Inspector is for security assessments, not instance management.
The Amazon CloudWatch agent cannot schedule Amazon Inspector assessments. Also, Amazon Inspector requires event triggers like CloudWatch Events, not CloudWatch agent scheduling.