Amazon Exam SCS-C02 Topic 4 Question 45 Discussion

Actual exam question for Amazon's SCS-C02 exam

Question #: 45
Topic #: 4

For compliance reasons a Security Engineer must produce a weekly report that lists any instance that does not have the latest approved patches applied. The Engineer must also ensure that no system goes more than 30 days without the latest approved updates being applied

What would the MOST efficient way to achieve these goals?

AUse Amazon inspector to determine which systems do not have the latest patches applied, and after 30 days, redeploy those instances with the latest AMI version

BConfigure Amazon EC2 Systems Manager to report on instance patch compliance and enforce updates during the defined maintenance windows

CExamine IAM CloudTrail togs to determine whether any instances have not restarted in the last 30 days, and redeploy those instances

DUpdate the AMls with the latest approved patches and redeploy each instance during the defined maintenance window

Show Suggested Answer

Suggested Answer: B

Amazon EC2 Systems Manager is a service that helps you automatically collect software inventory, apply OS patches, create system images, and configure Windows and Linux operating systems3.You can use Systems Manager to report on instance patch compliance and enforce updates during the defined maintenance windows4. The other options are either inefficient or not feasible for achieving the goals.

by Mary at May 04, 2025, 12:28 AM

Limited Time Offer

25%

Off

Get Premium SCS-C02 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Veronika

9 days ago

I think updating the AMIs with the latest approved patches and redeploying each instance during maintenance windows could also work well to ensure compliance.

upvoted 0 times

...

Estrella

1 months ago

I'm not sure, but I think using Amazon inspector to determine which systems do not have the latest patches applied could also be a good approach.

upvoted 0 times

...

Shayne

1 months ago

You know, I bet the person who wrote option A has never actually had to manage a large-scale infrastructure. Redeploying instances every 30 days? That's just asking for trouble.

upvoted 0 times

...

King

1 months ago

I agree with Broderick. Configuring EC2 Systems Manager seems like the best option to ensure all instances have the latest approved patches applied.

upvoted 0 times

...

Florinda

1 months ago

Haha, good luck keeping up with those IAM CloudTrail logs. You'd be drowning in data in no time. I'll take the automated approach any day.

upvoted 0 times

...

Pearlene

1 months ago

I was thinking the same thing! Automating the process with EC2 Systems Manager is the smart move. No more headaches trying to keep track of everything manually.

upvoted 0 times

Eleni

15 days ago

A) Use Amazon inspector to determine which systems do not have the latest patches applied, and after 30 days, redeploy those instances with the latest AMI version

upvoted 0 times

...

Broderick

1 months ago

I think the most efficient way would be to use Amazon EC2 Systems Manager to report on instance patch compliance and enforce updates during maintenance windows.

upvoted 0 times

...

Reyes

1 months ago

Option B is definitely the way to go. I mean, who wants to manually check each instance and then redeploy them? EC2 Systems Manager makes it a breeze to manage patch compliance.

upvoted 0 times

Theodora

3 days ago

Definitely, it saves a lot of time and ensures that all instances are up to date with the latest approved patches.

upvoted 0 times

...

Laurena

5 days ago

I agree, using Amazon EC2 Systems Manager to report on instance patch compliance and enforce updates during maintenance windows is much more efficient than manual checks.

upvoted 0 times

...

Gracia

28 days ago

Option B is definitely the way to go. I mean, who wants to manually check each instance and then redeploy them? EC2 Systems Manager makes it a breeze to manage patch compliance.

upvoted 0 times

...