Amazon SCS-C02 Exam - Topic 4 Question 45 Discussion

Actual exam question for Amazon's SCS-C02 exam

Question #: 45
Topic #: 4

For compliance reasons a Security Engineer must produce a weekly report that lists any instance that does not have the latest approved patches applied. The Engineer must also ensure that no system goes more than 30 days without the latest approved updates being applied

What would the MOST efficient way to achieve these goals?

AUse Amazon inspector to determine which systems do not have the latest patches applied, and after 30 days, redeploy those instances with the latest AMI version

BConfigure Amazon EC2 Systems Manager to report on instance patch compliance and enforce updates during the defined maintenance windows

CExamine IAM CloudTrail togs to determine whether any instances have not restarted in the last 30 days, and redeploy those instances

DUpdate the AMls with the latest approved patches and redeploy each instance during the defined maintenance window

Show Suggested Answer

Suggested Answer: B

Amazon EC2 Systems Manager is a service that helps you automatically collect software inventory, apply OS patches, create system images, and configure Windows and Linux operating systems3.You can use Systems Manager to report on instance patch compliance and enforce updates during the defined maintenance windows4. The other options are either inefficient or not feasible for achieving the goals.

by Mary at May 04, 2025, 12:28 AM

Limited Time Offer

25%

Off

Get Premium SCS-C02 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Audry

3 months ago

D sounds like a lot of manual work, not ideal.

upvoted 0 times

...

Kimberely

3 months ago

I think A could work, but it's not the most efficient.

upvoted 0 times

...

Shonda

3 months ago

B is the best choice, it automates everything!

upvoted 0 times

...

Micah

3 months ago

Surprised that C is even an option, seems too indirect!

upvoted 0 times

...

Leatha

3 months ago

B is definitely the way to go for patch compliance!

upvoted 0 times

...

Fernanda

4 months ago

Option D feels a bit manual to me. I think it's important to automate the process to avoid human error and ensure updates are applied on time.

upvoted 0 times

...

Tamie

4 months ago

I vaguely recall a practice question about using IAM CloudTrail logs, but I don't think that directly addresses patch compliance. It seems more focused on instance activity.

upvoted 0 times

...

Katie

4 months ago

I think using EC2 Systems Manager makes sense because it can automate patch compliance checks and apply updates during maintenance windows. That sounds efficient!

upvoted 0 times

...

Vanna

4 months ago

I remember discussing how Amazon Inspector can help identify vulnerabilities, but I'm not sure if it's the best way to ensure compliance with patching.

upvoted 0 times

...

Glenna

4 months ago

I'm leaning towards option B as well. Automating the patch compliance reporting and enforcement seems like the most efficient way to meet the requirements of this question. I just need to make sure I understand how to properly configure EC2 Systems Manager.

upvoted 0 times

...

Oliva

5 months ago

Option D looks promising, as it allows me to update the AMIs with the latest patches and then redeploy the instances during a maintenance window. That way, I can ensure all systems are up-to-date without having to manually check each one.

upvoted 0 times

...

Ozell

5 months ago

Hmm, I'm a bit unsure about this one. I'm not too familiar with Amazon EC2 Systems Manager, so I'll need to do some research on that before I can confidently select an answer.

upvoted 0 times

...

Joseph

5 months ago

This seems like a straightforward question about keeping systems up-to-date. I think option B is the most efficient approach, as it allows me to automate the patch compliance reporting and enforcement.

upvoted 0 times

...

Veronika

9 months ago

I think updating the AMIs with the latest approved patches and redeploying each instance during maintenance windows could also work well to ensure compliance.

upvoted 0 times

...

Estrella

10 months ago

I'm not sure, but I think using Amazon inspector to determine which systems do not have the latest patches applied could also be a good approach.

upvoted 0 times

...

Shayne

10 months ago

You know, I bet the person who wrote option A has never actually had to manage a large-scale infrastructure. Redeploying instances every 30 days? That's just asking for trouble.

upvoted 0 times

...

King

10 months ago

I agree with Broderick. Configuring EC2 Systems Manager seems like the best option to ensure all instances have the latest approved patches applied.

upvoted 0 times

...

Florinda

10 months ago

Haha, good luck keeping up with those IAM CloudTrail logs. You'd be drowning in data in no time. I'll take the automated approach any day.

upvoted 0 times

...

Pearlene

10 months ago

I was thinking the same thing! Automating the process with EC2 Systems Manager is the smart move. No more headaches trying to keep track of everything manually.

upvoted 0 times

Amie

8 months ago

I was thinking the same thing! Automating the process with EC2 Systems Manager is the smart move. No more headaches trying to keep track of everything manually.

upvoted 0 times

...

Brittni

8 months ago

B) Configure Amazon EC2 Systems Manager to report on instance patch compliance and enforce updates during the defined maintenance windows

upvoted 0 times

...

Eleni

9 months ago

A) Use Amazon inspector to determine which systems do not have the latest patches applied, and after 30 days, redeploy those instances with the latest AMI version

upvoted 0 times

...

Broderick

10 months ago

I think the most efficient way would be to use Amazon EC2 Systems Manager to report on instance patch compliance and enforce updates during maintenance windows.

upvoted 0 times

...

Reyes

10 months ago

Option B is definitely the way to go. I mean, who wants to manually check each instance and then redeploy them? EC2 Systems Manager makes it a breeze to manage patch compliance.

upvoted 0 times

Theodora

9 months ago

Definitely, it saves a lot of time and ensures that all instances are up to date with the latest approved patches.

upvoted 0 times

...

Laurena

9 months ago

I agree, using Amazon EC2 Systems Manager to report on instance patch compliance and enforce updates during maintenance windows is much more efficient than manual checks.

upvoted 0 times

...

Gracia

10 months ago

Option B is definitely the way to go. I mean, who wants to manually check each instance and then redeploy them? EC2 Systems Manager makes it a breeze to manage patch compliance.

upvoted 0 times

...