A security audit reveals that several Amazon EC2 instances have critical OS vulnerabilities. The security team wants to automate the process of scanning for vulnerabilities and applying OS patches across all accounts in the organization. Which combination of services should be used?

Answer options:

AWS Security Hub for scanning, and AWS CodeDeploy for patching.

Amazon GuardDuty for scanning, and AWS OpsWorks for patching.

Amazon Inspector for scanning, and AWS Systems Manager Patch Manager for patching.

AWS Config for scanning, and AWS CloudFormation for patching.

How to approach this question

Match vulnerability scanning to Inspector and OS patching to Systems Manager.

Full Answer

C.Amazon Inspector for scanning, and AWS Systems Manager Patch Manager for patching.✓ Correct

Amazon Inspector is an automated vulnerability management service. AWS Systems Manager Patch Manager automates the process of patching managed instances with both security related and other types of updates.

Common mistakes

Confusing GuardDuty (threat detection) with Inspector (vulnerability scanning).

Question 26 All questions Question 28

Practice the full AWS Solutions Architect Professional SAP-C02 Practice Exam 1

75 questions · hints · full answers · grading

More questions from this exam

Q01An enterprise has 50 VPCs across two AWS Regions. They need to establish transitive routing betwe...Hard Q02A company uses AWS Organizations. The security team wants to ensure that no IAM user or role can ...Medium Q03An application requires a relational database with an RPO of 1 second and an RTO of less than 1 m...Hard Q04A company is setting up a new multi-account environment. They want to automate the provisioning o...Medium Q05An organization wants to allocate AWS costs to specific business units. They use AWS Organization...Hard

View all 75 questions →