Examice

Exam DOP-C02 All QuestionsBrowse all questions from this exam

Question 236

A company uses Amazon EC2 as its primary compute platform. A DevOps team wants to audit the company's EC2 instances to check whether any prohibited applications have been installed on the EC2 instances.

Which solution will meet these requirements with the MOST operational efficiency?

Configure AWS Systems Manager on each instance. Use AWS Systems Manager Inventory. Use Systems Manager resource data sync to synchronize and store findings in an Amazon S3 bucket. Create an AWS Lambda function that runs when new objects are added to the S3 bucket. Configure the Lambda function to identify prohibited applications.

Configure AWS Systems Manager on each instance. Use Systems Manager Inventory Create AWS Config rules that monitor changes from Systems Manager Inventory to identify prohibited applications.

Configure AWS Systems Manager on each instance. Use Systems Manager Inventory. Filter a trail in AWS CloudTrail for Systems Manager Inventory events to identify prohibited applications.

Designate Amazon CloudWatch Logs as the log destination for all application instances. Run an automated script across all instances to create an inventory of installed applications. Configure the script to forward the results to CloudWatch Logs. Create a CloudWatch alarm that uses filter patterns to search log data to identify prohibited applications.

Correct Answer: B

The most operationally efficient solution for auditing EC2 instances for prohibited applications should seamlessly integrate monitoring and configuration management. AWS Systems Manager Inventory provides a managed service to collect metadata about the applications installed on EC2 instances. AWS Config, when used in conjunction with Systems Manager Inventory, can continuously monitor and evaluate the configuration of AWS resources. By creating AWS Config rules that monitor changes from Systems Manager Inventory, the system can automatically detect and report on prohibited applications, ensuring operational efficiency without needing additional lambda functions or manual intervention.

Discussion

tgv

---> B

getadroit

B https://aws.amazon.com/blogs/mt/preventing-blacklisted-applications-with-aws-systems-manager-and-aws-config/