DOP-C02 · Question #17
DOP-C02 Question #17: Real Exam Question with Answer & Explanation
Sign in or unlock DOP-C02 to reveal the answer and full explanation for question #17. The question stem and answer options stay visible for context.
Question
A company is performing vulnerability scanning for all Amazon EC2 instances across many accounts. The accounts are in an organization in AWS Organizations. Each account's VPCs are attached to a shared transit gateway. The VPCs send traffic to the internet through a central egress VPC. The company has enabled Amazon Inspector in a delegated administrator account and has enabled scanning for all member accounts. A DevOps engineer discovers that some EC2 instances are listed in the "not scanning" tab in Amazon Inspector. Which combination of actions should the DevOps engineer take to resolve this issue? (Choose three.)
Options
- AVerify that AWS Systems Manager Agent is installed and is running on the EC2 instances that
- BAssociate the target EC2 instances with security groups that allow outbound communication on
- CGrant inspector:StartAssessmentRun permissions to the IAM role that the DevOps engineer is
- DConfigure EC2 Instance Connect for the EC2 instances that Amazon Inspector is not scanning.
- EAssociate the target EC2 instances with instance profiles that grant permissions to communicate
- FCreate a managed-instance activation. Use the Activation Code and the Activation ID to register
Unlock DOP-C02 to see the answer
You've previewed enough free DOP-C02 questions. Unlock DOP-C02 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.