AmazonAmazon
SCS-C02 · Question #231
SCS-C02 Question #231: Real Exam Question with Answer & Explanation
Sign in or unlock SCS-C02 to reveal the answer and full explanation for question #231. The question stem and answer options stay visible for context.
Submitted by joshua94· Mar 6, 2026Security Logging and Monitoring
Question
A company is migrating its Amazon EC2 based applications to use Instance Metadata Service Version 2 (IMDSv2). A security engineer needs to determine whether any of the EC2 instances are still using Instance Metadata Service Version 1 (IMDSv1). What should the security engineer do to confirm that the IMDSv1 endpoint is no longer being used?
Options
- AConfigure logging on the Amazon CloudWatch agent for IMDSv1 as part of EC2 instance startup.
- BCreate an Amazon CloudWatch dashboard Verify that the EC2MetadataNoToken metric is zero
- CCreate a security group that blocks access to HTTP for the IMDSv1 endpoint Attach the security
- DConfigure user data scripts for all EC2 instances to send logging information to AWS CloudTrail
Unlock SCS-C02 to see the answer
You've previewed enough free SCS-C02 questions. Unlock SCS-C02 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.
Topics
#IMDSv2 Migration#EC2 Security#CloudWatch Metrics#Security Monitoring