Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Amazon SCS-C02 Exam - Topic 4 Question 45 Discussion

For compliance reasons a Security Engineer must produce a weekly report that lists any instance that does not have the latest approved patches applied. The Engineer must also ensure that no system goes more than 30 days without the latest approved updates being appliedWhat would the MOST efficient way to achieve these goals?
B) Configure Amazon EC2 Systems Manager to report on instance patch compliance and enforce updates during the defined maintenance windows
A) Use Amazon inspector to determine which systems do not have the latest patches applied, and after 30 days, redeploy those instances with the latest AMI version
C) Examine IAM CloudTrail togs to determine whether any instances have not restarted in the last 30 days, and redeploy those instances
D) Update the AMls with the latest approved patches and redeploy each instance during the defined maintenance window

Amazon SCS-C02 Exam - Topic 4 Question 45 Discussion

Actual exam question for Amazon's SCS-C02 exam
Question #: 45
Topic #: 4
[All SCS-C02 Questions]

For compliance reasons a Security Engineer must produce a weekly report that lists any instance that does not have the latest approved patches applied. The Engineer must also ensure that no system goes more than 30 days without the latest approved updates being applied

What would the MOST efficient way to achieve these goals?

Show Suggested Answer Hide Answer
Suggested Answer: B

Amazon EC2 Systems Manager is a service that helps you automatically collect software inventory, apply OS patches, create system images, and configure Windows and Linux operating systems3.You can use Systems Manager to report on instance patch compliance and enforce updates during the defined maintenance windows4. The other options are either inefficient or not feasible for achieving the goals.


by Mary at May 04, 2025, 12:28 AM

Limited Time Offer

25%

Off

Get Premium SCS-C02 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Audry
6 months ago
D sounds like a lot of manual work, not ideal.
upvoted 0 times
...
Kimberely
6 months ago
I think A could work, but it's not the most efficient.
upvoted 0 times
...
Shonda
6 months ago
B is the best choice, it automates everything!
upvoted 0 times
...
Micah
6 months ago
Surprised that C is even an option, seems too indirect!
upvoted 0 times
...
Leatha
6 months ago
B is definitely the way to go for patch compliance!
upvoted 0 times
...
Fernanda
7 months ago
Option D feels a bit manual to me. I think it's important to automate the process to avoid human error and ensure updates are applied on time.
upvoted 0 times
...
Tamie
7 months ago
I vaguely recall a practice question about using IAM CloudTrail logs, but I don't think that directly addresses patch compliance. It seems more focused on instance activity.
upvoted 0 times
...
Katie
7 months ago
I think using EC2 Systems Manager makes sense because it can automate patch compliance checks and apply updates during maintenance windows. That sounds efficient!
upvoted 0 times
...
Vanna
7 months ago
I remember discussing how Amazon Inspector can help identify vulnerabilities, but I'm not sure if it's the best way to ensure compliance with patching.
upvoted 0 times
...
Glenna
7 months ago
I'm leaning towards option B as well. Automating the patch compliance reporting and enforcement seems like the most efficient way to meet the requirements of this question. I just need to make sure I understand how to properly configure EC2 Systems Manager.
upvoted 0 times
...
Oliva
8 months ago
Option D looks promising, as it allows me to update the AMIs with the latest patches and then redeploy the instances during a maintenance window. That way, I can ensure all systems are up-to-date without having to manually check each one.
upvoted 0 times
...
Ozell
8 months ago
Hmm, I'm a bit unsure about this one. I'm not too familiar with Amazon EC2 Systems Manager, so I'll need to do some research on that before I can confidently select an answer.
upvoted 0 times
...
Joseph
8 months ago
This seems like a straightforward question about keeping systems up-to-date. I think option B is the most efficient approach, as it allows me to automate the patch compliance reporting and enforcement.
upvoted 0 times
...
Veronika
12 months ago
I think updating the AMIs with the latest approved patches and redeploying each instance during maintenance windows could also work well to ensure compliance.
upvoted 0 times
...
Estrella
1 year ago
I'm not sure, but I think using Amazon inspector to determine which systems do not have the latest patches applied could also be a good approach.
upvoted 0 times
...
Shayne
1 year ago
You know, I bet the person who wrote option A has never actually had to manage a large-scale infrastructure. Redeploying instances every 30 days? That's just asking for trouble.
upvoted 0 times
...
King
1 year ago
I agree with Broderick. Configuring EC2 Systems Manager seems like the best option to ensure all instances have the latest approved patches applied.
upvoted 0 times
...
Florinda
1 year ago
Haha, good luck keeping up with those IAM CloudTrail logs. You'd be drowning in data in no time. I'll take the automated approach any day.
upvoted 0 times
...
Pearlene
1 year ago
I was thinking the same thing! Automating the process with EC2 Systems Manager is the smart move. No more headaches trying to keep track of everything manually.
upvoted 0 times
Amie
11 months ago
I was thinking the same thing! Automating the process with EC2 Systems Manager is the smart move. No more headaches trying to keep track of everything manually.
upvoted 0 times
...
Brittni
11 months ago
B) Configure Amazon EC2 Systems Manager to report on instance patch compliance and enforce updates during the defined maintenance windows
upvoted 0 times
...
Eleni
1 year ago
A) Use Amazon inspector to determine which systems do not have the latest patches applied, and after 30 days, redeploy those instances with the latest AMI version
upvoted 0 times
...
...
Broderick
1 year ago
I think the most efficient way would be to use Amazon EC2 Systems Manager to report on instance patch compliance and enforce updates during maintenance windows.
upvoted 0 times
...
Reyes
1 year ago
Option B is definitely the way to go. I mean, who wants to manually check each instance and then redeploy them? EC2 Systems Manager makes it a breeze to manage patch compliance.
upvoted 0 times
Theodora
12 months ago
Definitely, it saves a lot of time and ensures that all instances are up to date with the latest approved patches.
upvoted 0 times
...
Laurena
12 months ago
I agree, using Amazon EC2 Systems Manager to report on instance patch compliance and enforce updates during maintenance windows is much more efficient than manual checks.
upvoted 0 times
...
Gracia
1 year ago
Option B is definitely the way to go. I mean, who wants to manually check each instance and then redeploy them? EC2 Systems Manager makes it a breeze to manage patch compliance.
upvoted 0 times
...
...

Save Cancel