What should a solutions architect recommend to meet these requirements?

By:
On:
In: SAA-C03
Tagged:
With: 0 Comments
A company has migrated a fleet of hundreds of on-premises virtual machines (VMs) to Amazon EC2 instances.The instances run a diverse fleet of Windows Server versions along with several Linux distributions.The company wants a solution that will automate inventory and updates of the operating systems.The company also needs a summary of common vulnerabilities of each instance for regular monthly reviews.

What should a solutions architect recommend to meet these requirements?

Set up AWS Systems Manager Patch Manager to manage all the EC2 instances. Configure AWS Security Hub to produce monthly reports.

Set up AWS Systems Manager Patch Manager to manage all the EC2 instances. Deploy Amazon Inspector, and configure monthly reports.

Set up AWS Shield Advanced, and configure monthly reports. Deploy AWS Config to automate patch installations on the EC2 instances.

Set up Amazon GuardDuty in the account to monitor all EC2 instances. Deploy AWS Config to automate patch installations on the EC2 instances.

Explanations:

AWS Security Hub provides a security dashboard, but it does not specifically manage OS updates. Patch Manager handles patching, but Security Hub is not designed for monthly reports on vulnerabilities per instance.

AWS Systems Manager Patch Manager can automate OS updates across EC2 instances, while Amazon Inspector identifies and reports on vulnerabilities with configurable monthly reports, meeting all requirements.

AWS Shield Advanced provides DDoS protection, not OS inventory or vulnerability management. AWS Config can track configurations but does not manage OS patches directly.

Amazon GuardDuty monitors for suspicious activity, not OS updates or vulnerability assessments. AWS Config is not suitable for automating patch installations.

Leave a Reply

Your email address will not be published. Required fields are marked *

5 × five =