Amazon Exam SCS-C02 Topic 4 Question 45 Discussion

Actual exam question for Amazon's SCS-C02 exam

Question #: 45
Topic #: 4

For compliance reasons a Security Engineer must produce a weekly report that lists any instance that does not have the latest approved patches applied. The Engineer must also ensure that no system goes more than 30 days without the latest approved updates being applied

What would the MOST efficient way to achieve these goals?

AUse Amazon inspector to determine which systems do not have the latest patches applied, and after 30 days, redeploy those instances with the latest AMI version

BConfigure Amazon EC2 Systems Manager to report on instance patch compliance and enforce updates during the defined maintenance windows

CExamine IAM CloudTrail togs to determine whether any instances have not restarted in the last 30 days, and redeploy those instances

DUpdate the AMls with the latest approved patches and redeploy each instance during the defined maintenance window

Show Suggested Answer

Suggested Answer: B

Amazon EC2 Systems Manager is a service that helps you automatically collect software inventory, apply OS patches, create system images, and configure Windows and Linux operating systems3.You can use Systems Manager to report on instance patch compliance and enforce updates during the defined maintenance windows4. The other options are either inefficient or not feasible for achieving the goals.

by Mary at May 04, 2025, 12:28 AM

Limited Time Offer

25%

Off

Get Premium SCS-C02 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Estrella

18 days ago

I'm not sure, but I think using Amazon inspector to determine which systems do not have the latest patches applied could also be a good approach.

upvoted 0 times

...

Shayne

19 days ago

You know, I bet the person who wrote option A has never actually had to manage a large-scale infrastructure. Redeploying instances every 30 days? That's just asking for trouble.

upvoted 0 times

...

King

19 days ago

I agree with Broderick. Configuring EC2 Systems Manager seems like the best option to ensure all instances have the latest approved patches applied.

upvoted 0 times

...

Florinda

21 days ago

Haha, good luck keeping up with those IAM CloudTrail logs. You'd be drowning in data in no time. I'll take the automated approach any day.

upvoted 0 times

...

Pearlene

22 days ago

I was thinking the same thing! Automating the process with EC2 Systems Manager is the smart move. No more headaches trying to keep track of everything manually.

upvoted 0 times

...

Broderick

26 days ago

I think the most efficient way would be to use Amazon EC2 Systems Manager to report on instance patch compliance and enforce updates during maintenance windows.

upvoted 0 times

...

Reyes

26 days ago

Option B is definitely the way to go. I mean, who wants to manually check each instance and then redeploy them? EC2 Systems Manager makes it a breeze to manage patch compliance.

upvoted 0 times

Gracia

13 days ago

Option B is definitely the way to go. I mean, who wants to manually check each instance and then redeploy them? EC2 Systems Manager makes it a breeze to manage patch compliance.

upvoted 0 times

...