Amazon SCS-C02 Exam - Topic 5 Question 48 Discussion

Actual exam question for Amazon's SCS-C02 exam
Question #: 48
Topic #: 5

[Infrastructure Security]

A company has AWS accounts in an organization in AWS Organizations. The company needs to install a corporate software package on all Amazon EC2 instances for all the accounts in the organization.

A central account provides base AMIs for the EC2 instances. The company uses AWS Systems Manager for software inventory and patching operations.

A security engineer must implement a solution that detects EC2 instances that do not have the required software. The solution also must automatically install the software if the software is not present.

Which solution will meet these requirements?

Suggested Answer: C

Utilizing AWS Config with a custom AWS Config rule (ec2-managedinstance-applications-required) enables detection of EC2 instances lacking the required software across all accounts in an organization. By creating an Amazon EventBridge rule that triggers on AWS Config events, and configuring it to invoke an AWS Lambda function, automated actions can be taken to ensure compliance. The Lambda function can leverage AWS Systems Manager Run Command to install the necessary software on non-compliant instances. This approach ensures continuous compliance and automated remediation, aligning with best practices for cloud security and management.
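
The detection-to-remediation path described above, as an added example (not code from the original page or from AWS): an EventBridge pattern that matches the rule's NON_COMPLIANT results, and a Lambda handler that calls Run Command for the affected instance. The package name `ExampleCorpAgent`, the injectable `ssm` parameter, the sample event, and the assumption that the function runs in the same account and Region as the instance are hypothetical.

```python
import os

RULE_NAME = "ec2-managedinstance-applications-required"
# Hypothetical Distributor package name; replace with the corporate package.
PACKAGE_NAME = os.environ.get("PACKAGE_NAME", "ExampleCorpAgent")
# EventBridge pattern: forward only this rule's NON_COMPLIANT results to the function.
EVENT_PATTERN = {
    "source": ["aws.config"],
    "detail-type": ["Config Rules Compliance Change"],
    "detail": {"configRuleName": [RULE_NAME],
               "newEvaluationResult": {"complianceType": ["NON_COMPLIANT"]}},
}
# Constructed sample event (not captured from a real account).
SAMPLE_EVENT = {
    "source": "aws.config", "detail-type": "Config Rules Compliance Change",
    "detail": {"configRuleName": RULE_NAME, "resourceId": "i-0123456789abcdef0",
               "awsRegion": "us-east-1",
               "newEvaluationResult": {"complianceType": "NON_COMPLIANT"}},
}


def instance_to_remediate(event):
    """Return the instance ID to fix, or None if the event should be ignored."""
    detail = event.get("detail", {})
    if event.get("source") != "aws.config" or detail.get("configRuleName") != RULE_NAME:
        return None
    if detail.get("newEvaluationResult", {}).get("complianceType") != "NON_COMPLIANT":
        return None
    resource_id = str(detail.get("resourceId", ""))
    # Assumes resourceId carries the instance ID; other IDs (e.g. "mi-") are skipped.
    return resource_id if resource_id.startswith("i-") else None


def handler(event, context=None, ssm=None):
    """Lambda entry point; `ssm` is injectable so the logic can be tested offline."""
    instance_id = instance_to_remediate(event)
    if instance_id is None:
        return {"action": "ignored"}
    if ssm is None:
        import boto3  # imported lazily; only needed when running in Lambda
        ssm = boto3.client("ssm", region_name=event["detail"].get("awsRegion"))
    response = ssm.send_command(
        InstanceIds=[instance_id],
        DocumentName="AWS-ConfigureAWSPackage",
        Parameters={"action": ["Install"], "name": [PACKAGE_NAME]},
        Comment=f"Remediation for {RULE_NAME}",
    )
    return {"action": "install", "instance": instance_id,
            "command_id": response["Command"]["CommandId"]}
```

The handler re-checks the rule name and compliance type even though the EventBridge pattern already filters on them, so a misconfigured or overly broad rule cannot trigger installs for unrelated events.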


Alline
3 months ago
A seems a bit restrictive with the SCPs.
upvoted 0 times
...
Daron
3 months ago
I think B is the easiest way to manage patches.
upvoted 0 times
...
Maile
3 months ago
Option C sounds solid with AWS Config and EventBridge!
upvoted 0 times
...
Annabelle
3 months ago
D is cool, but I prefer using Systems Manager for everything.
upvoted 0 times
...
Maurine
4 months ago
Wait, can AWS Config really handle all that automatically?
upvoted 0 times
...
Sabrina
4 months ago
I’m leaning towards option B, but I’m a bit uncertain about how maintenance windows work with patch baselines. Did we cover that in our sessions?
upvoted 0 times
...
Gerald
4 months ago
I practiced a similar question about managing software across multiple accounts, and I feel like using Systems Manager Distributor might be the right choice, but I need to double-check the specifics.
upvoted 0 times
...
Latrice
4 months ago
I think option C sounds familiar; using AWS Config and EventBridge to automate the installation could be effective, but I can't recall all the details.
upvoted 0 times
...
Carlota
4 months ago
I remember studying about using AWS Systems Manager for patching, but I'm not sure if a custom patch baseline is the best approach here.
upvoted 0 times
...
Lashandra
5 months ago
This is a great question! I feel confident that I can tackle this. I'm thinking option B might be the way to go, as it allows me to centrally manage the software deployment through Systems Manager Patch Manager. I'll need to double-check the details, but I'm optimistic about this approach.
upvoted 0 times
...
Arthur
5 months ago
I'm a bit confused by the different options. They all seem to involve some level of automation, but I'm not sure which one would be the most scalable and maintainable. I'll need to do some more research on the AWS services mentioned.
upvoted 0 times
...
Lashunda
5 months ago
Okay, I think I've got a good handle on this. The key is to leverage AWS Systems Manager to automate the software installation across all the EC2 instances. I'm leaning towards option C, as it seems to provide the most comprehensive and automated solution.
upvoted 0 times
...
Lashanda
5 months ago
Hmm, this is a tricky one. I'm not sure which solution would be the most efficient and secure. I'll need to weigh the pros and cons of each approach before deciding.
upvoted 0 times
...
Annette
5 months ago
This seems like a straightforward question, but I want to make sure I understand the requirements correctly. I'll need to review the details carefully and think through the different options.
upvoted 0 times
...
Rhea
6 months ago
I wonder if the software being installed is 'Minesweeper' - that would be a real 'mine'field to navigate!
upvoted 0 times
Vince
5 months ago
Haha, Minesweeper would definitely complicate things!
upvoted 0 times
...
Yuki
6 months ago
Agreed! Let's stick to essential software only.
upvoted 0 times
...
Eleonora
6 months ago
I'd prefer something more productive!
upvoted 0 times
...
Veronika
6 months ago
Right? Hopefully, it's not a game software.
upvoted 0 times
...
...
Marti
7 months ago
I bet the engineer who comes up with a solution that also installs the software on the engineers' laptops will get a bonus!
upvoted 0 times
Adolph
6 months ago
A: I think option D could work well for this scenario.
upvoted 0 times
...
...
Ivory
7 months ago
Hmm, Option D looks like the easiest to implement, but I wonder if it can scale effectively across a large number of instances.
upvoted 0 times
...
Roslyn
7 months ago
Option B is a good choice if the company just needs to deploy a single software package and doesn't require advanced automation.
upvoted 0 times
...
Yolande
7 months ago
I like how Option C leverages AWS Config and EventBridge to create a robust and scalable solution.
upvoted 0 times
...
Tammi
7 months ago
I see your point, Phillip. But I personally think option D is the most straightforward solution. Creating a Distributor package and using Run Command seems simple.
upvoted 0 times
...
Phillip
8 months ago
I disagree, I believe option C is the way to go. Using AWS Config and EventBridge for automation seems more efficient.
upvoted 0 times
...
Harley
8 months ago
I think option A is the best solution because it ensures that only instances with the required software are launched.
upvoted 0 times
...
Elly
8 months ago
Option C seems the most comprehensive solution, automating the detection and installation process across multiple accounts.
upvoted 0 times
Lindsay
7 months ago
D) Create a new Systems Manager Distributor package for the required software. Specify the download location. Select all EC2 instances in the different accounts. Install the software by using Systems Manager Run Command.
upvoted 0 times
...
Vallie
7 months ago
A) Provide new AMIs that have the required software pre-installed. Apply a tag to the AMIs to indicate that the AMIs have the required software. Configure an SCP that allows new EC2 instances to be launched only if the instances have the tagged AMIs. Tag all existing EC2 instances.
upvoted 0 times
...
Raina
7 months ago
I agree, it covers all the necessary steps for detecting and installing the required software.
upvoted 0 times
...
Latrice
7 months ago
I think option C is the best choice for this scenario.
upvoted 0 times
...
Adaline
7 months ago
C) Centrally enable AWS Config. Set up the ec2-managedinstance-applications-required AWS Config rule for all accounts. Create an Amazon EventBridge rule that reacts to AWS Config events. Configure the EventBridge rule to invoke an AWS Lambda function that uses Systems Manager Run Command to install the required software.
upvoted 0 times
...
...