Your company manages thousands of EC2 Instances.
There is a mandate to ensure that all servers don't have any critical security flaws.
Which of the following can be done to ensure this? Choose 2 answers from the options given below.
Click on the arrows to vote for the correct answer
A. B. C. D.Answer: B and D.
Answer A is incorrect as AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources and does not manage server security and patch up-gradation.
Answer B is CORRECT because Amazon Inspector automatically assesses applications for vulnerabilities or deviations from best practices.
After performing an assessment, Amazon Inspector produces a detailed list of security findings prioritized by level of severity.
These findings can be reviewed directly or as part of detailed assessment reports available via the Amazon Inspector console or API.
Option C is incorrect because the AWS Inspector is used to identify security flaws in the servers by providing reports but does not undertake the patch maintenance job.
Option D is CORRECT because once you understand the list of servers that require critical updates, you can rectify them by installing the required patches via the Systems Manager Agent (SSM) tool on AWS.
For more information on AWS Inspector, kindly visit the following URL:
https://aws.amazon.com/inspector/For more information on the Systems Manager, kindly visit the following URL:
https://docs.aws.amazon.com/systems-manager/latest/APIReference/Welcome.htmlTo ensure that all servers don't have any critical security flaws, you can use AWS Config and AWS Inspector.
AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. It can continuously monitor your AWS resources and provide you with a detailed inventory of your resources and their configuration history. Using AWS Config, you can ensure that all servers have no critical flaws by creating a rule that checks for specific security configurations that you want to enforce. For example, you can create a rule that checks if all EC2 instances have the latest security patches installed.
AWS Inspector is a security assessment service that helps you discover potential security issues in your EC2 instances and other AWS resources. It can analyze the behavior of your resources, identify security vulnerabilities, and provide recommendations for remediation. Using AWS Inspector, you can ensure that all servers have no critical flaws by running security assessments on your EC2 instances and checking for any vulnerabilities that could be exploited by attackers.
AWS Inspector cannot patch the servers itself; it can only identify the security flaws. To patch the servers, you can use AWS SSM (Systems Manager). AWS SSM is a service that enables you to manage your EC2 instances and other AWS resources through a unified interface. It can help you automate the patching process by deploying the latest security patches to all your EC2 instances.
Therefore, the correct answers to this question are A and B. Use AWS Config to ensure that the servers have no critical flaws, and use AWS Inspector to ensure that the servers have no critical flaws. If any critical flaws are identified, you can use AWS SSM to patch the servers.