ExpertMedium1 markMultiple Choice
AWS SAP-C02 · Question 61 · Domain 3.2: Security Improvement
A security team wants to automate vulnerability management for their EC2 fleet. They need to scan instances weekly, automatically apply missing critical patches, and generate a compliance report. Which THREE services/features should be used? (Select THREE)
A security team wants to automate vulnerability management for their EC2 fleet. They need to scan instances weekly, automatically apply missing critical patches, and generate a compliance report. Which THREE services/features should be used? (Select THREE)
Answer options:
A.
Amazon Inspector.
B.
AWS Systems Manager Patch Manager.
C.
AWS Security Hub.
D.
Amazon GuardDuty.
E.
AWS WAF.
F.
AWS Shield.
How to approach this question
Identify the scanning, patching, and reporting services.
Full Answer
Inspector scans for vulnerabilities, Systems Manager Patch Manager applies the fixes, and Security Hub provides the centralized compliance reporting.
Common mistakes
Confusing GuardDuty (threat detection) with Inspector (vulnerability scanning).
Practice the full AWS Solutions Architect Professional SAP-C02 Practice Exam 3
75 questions · hints · full answers · grading
More questions from this exam
Q01An enterprise has 100 VPCs across 5 AWS Regions. They need to establish a highly available, trans...HardQ02A company uses AWS Organizations. The CISO requires that no EC2 instances can be launched outside...MediumQ03An application uses Amazon Aurora PostgreSQL. To meet disaster recovery requirements, the databas...HardQ04A company is setting up a new multi-account AWS environment. They want to automate the creation o...MediumQ05An organization wants to allocate AWS costs to specific departments. They use multiple AWS accoun...Medium