SCS-C02 Question #184: Real Exam Question with Answer & Explanation

Question

A company has AWS accounts in an organization in AWS Organizations. The company needs to install a corporate software package on all Amazon EC2 instances for all the accounts in the organization. A central account provides base AMIs for the EC2 instances. The company uses AWS Systems Manager for software inventory and patching operations. A security engineer must implement a solution that detects EC2 instances that do not have the required software. The solution also must automatically install the software if the software is not present. Which solution will meet these requirements?

Options

• AProvide new AMIs that have the required software pre-installed. Apply a tag to the AMIs to
• BConfigure a custom patch baseline in Systems Manager Patch Manager. Add the package name
• CCentrally enable AWS Config. Set up the ec2-managedinstance-applications-required AWS
• DCreate a new Systems Manager Distributor package for the required software. Specify the

Explanation

Utilizing AWS Config with a custom AWS Config rule (ec2-managedinstance-applications- required) enables detection of EC2 instances lacking the required software across all accounts in an organization. By creating an Amazon EventBridge rule that triggers on AWS Config events, and configuring it to invoke an AWS Lambda function, automated actions can be taken to ensure compliance. The Lambda function can leverage AWS Systems Manager Run Command to install the necessary software on non-compliant instances. This approach ensures continuous compliance and automated remediation, aligning with best practices for cloud security and

No community discussion yet for this question.