SAP-C02 · Question #156
SAP-C02 Question #156: Real Exam Question with Answer & Explanation
The correct answer is B: Use AWS Lambda to write automatic approval rules.. https://aws.amazon.com/blogs/security/how-to-set-up-continuous-golden-ami-vulnerability- assessments-with-amazon-inspector/
Question
A company's security compliance requirements state that all Amazon EC2 images must be scanned for vulnerabilities and must pass a CVE assessment. A solutions architect is developing a mechanism to create security- approved AMIs that can be used by developers. Any new AMIs should go through an automated assessment process and be marked as approved before developers can use them. The approved images must be scanned every 30 days to ensure compliance. Which combination of steps should the solutions architect take to meet these requirements while following best practices? (Choose two.)
Options
- AUse the AWS Systems Manager EC2 agent to run the CVE assessment on the EC2 instances
- BUse AWS Lambda to write automatic approval rules.
- CUse Amazon Inspector to run the CVE assessment on the EC2 instances launched from the AMIs
- DUse AWS Lambda to write automatic approval rules.
- EUse AWS CloudTrail to run the CVE assessment on the EC2 instances launched from the AMIs
Explanation
https://aws.amazon.com/blogs/security/how-to-set-up-continuous-golden-ami-vulnerability- assessments-with-amazon-inspector/
Community Discussion
No community discussion yet for this question.