
SCS-C02 Exam - Question 158


A company has AWS accounts in an organization in AWS Organizations. The company needs to install a corporate software package on all Amazon EC2 instances for all the accounts in the organization.

A central account provides base AMIs for the EC2 instances. The company uses AWS Systems Manager for software inventory and patching operations.

A security engineer must implement a solution that detects EC2 instances that do not have the required software. The solution also must automatically install the software if the software is not present.

Which solution will meet these requirements?

Correct Answer: C

To meet the requirements of detecting EC2 instances that do not have the required software and automatically installing the software if it is not present, the solution should include both detection and automation capabilities. Centrally enabling AWS Config and setting up the ec2-managedinstance-applications-required AWS Config rule for monitoring ensures continuous compliance checks for the required software. Creating an Amazon EventBridge rule that reacts to Config events handles real-time detection of non-compliant instances. The EventBridge rule can then invoke an AWS Lambda function that utilizes Systems Manager Run Command to install the necessary software, fulfilling the requirement for automated installation.
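The Lambda step of the flow described above, as an added example (not part of the original question and not AWS's own code). The package name `ExampleCorpAgent`, the substring match on the rule name, and the sample event are assumptions constructed for illustration; the function is assumed to run in the same account and Region as the instance.

```python
import re

# Assumptions, not from the page: placeholder package name; substring rule match.
RULE_FRAGMENT = "ec2-managedinstance-applications-required"
PACKAGE_NAME = "ExampleCorpAgent"  # hypothetical Distributor package
INSTANCE_ID = re.compile(r"m?i-[0-9a-f]{8,17}")

def build_install_request(event):
    """Return ssm.send_command kwargs for a NON_COMPLIANT finding, else None."""
    detail = event.get("detail") or {}
    result = detail.get("newEvaluationResult") or {}
    instance_id = detail.get("resourceId", "")
    wanted = (
        event.get("source") == "aws.config"
        and event.get("detail-type") == "Config Rules Compliance Change"
        and RULE_FRAGMENT in detail.get("configRuleName", "")
        and detail.get("resourceType") == "AWS::SSM::ManagedInstanceInventory"
        and result.get("complianceType") == "NON_COMPLIANT"
        # Never pass an unvalidated string from the event to Run Command.
        and INSTANCE_ID.fullmatch(instance_id) is not None
    )
    if not wanted:
        return None
    return {
        "InstanceIds": [instance_id],
        "DocumentName": "AWS-ConfigureAWSPackage",
        "Parameters": {"action": ["Install"], "name": [PACKAGE_NAME]},
        "Comment": ("Remediate " + detail["configRuleName"])[:100],
    }

def lambda_handler(event, context):
    request = build_install_request(event)
    if request is None:
        return {"status": "ignored"}
    import boto3  # lazy import: the filter above is testable without the SDK
    command = boto3.client("ssm").send_command(**request)
    return {"status": "sent", "commandId": command["Command"]["CommandId"]}

# Constructed sample event in the shape EventBridge delivers for AWS Config.
SAMPLE_EVENT = {
    "source": "aws.config",
    "detail-type": "Config Rules Compliance Change",
    "detail": {
        "configRuleName": "ec2-managedinstance-applications-required",
        "resourceType": "AWS::SSM::ManagedInstanceInventory",
        "resourceId": "i-0123456789abcdef0",
        "newEvaluationResult": {"complianceType": "NON_COMPLIANT"},
    },
}
```

Filtering on rule name, resource type and compliance state inside the function keeps an overly broad EventBridge pattern from triggering installs for unrelated Config findings.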

Discussion

6 comments
Viseks
May 24, 2024

Ans - B

aescudero51 (Option: C)
May 31, 2024

C is correct https://aws.amazon.com/blogs/mt/deploying-packages-sequentially-aws-systems-manager/

aescudero51 (Option: C)
Jun 9, 2024

My answer is C. Detecting Missing Software: AWS Config with the ec2-managedinstance-applications-required rule continuously monitors EC2 instances and identifies ones without the required software. Automated Installation: The EventBridge rule automatically triggers upon a Config non-compliance event. Centralized Management: The solution operates centrally from the organization's master account, ensuring consistent enforcement across all member accounts. Flexibility: This approach allows for future software updates by simply modifying the Lambda function logic or the package definition in Systems Manager Distributor.

Shreyas (Option: B)
May 31, 2024

Ans - B

Mandar
Jun 1, 2024

D is correct: https://docs.aws.amazon.com/systems-manager/latest/userguide/distributor.html

kupo777
Jul 15, 2024

C is correct. Option A is a method of restricting activation by tag without detection. With Option B, software cannot be installed. Option D is to install the software without detection.