Ensure Critical Security Flaws-Free EC2 Instances | AWS SysOps Administrator Exam

Question

You work as a Systems administrator in a company.

Your company manages thousands of EC2 Instances.

There is a mandate to ensure that all servers are free from any critical security flaws.

Which of the following can be done to ensure this? Choose 2 answers from the options given below.

Answers

A. Use AWS Config to ensure that the servers have no critical flaws.

B. Use AWS Inspector to ensure that the servers have no critical flaws.

C. Use AWS Inspector to patch the servers.

D. Use AWS SSM to patch the servers.

Explanation

Correct Answers: B and D.

The AWS Documentation mentions the following on AWS Inspector.

Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS.

Amazon Inspector automatically assesses applications for vulnerabilities or deviations from best practices.

After performing an assessment, Amazon Inspector produces a detailed list of security findings prioritized by level of severity.

These findings can be reviewed directly or as part of detailed assessment reports available via the Amazon Inspector console or API.

Once you know which servers require critical updates, you can remediate them by installing the required patches through the SSM tool.

Option A is invalid because the AWS Config service is not used to check the vulnerabilities on servers.

Option C is invalid because the AWS Inspector service is not used to patch servers.

For more information on AWS Inspector, please visit the following URL:

https://aws.amazon.com/inspector/

For more information on the Systems Manager, please visit the following URL:

https://docs.aws.amazon.com/systems-manager/latest/APIReference/Welcome.html

As a Systems administrator managing a large number of EC2 instances, it's essential to ensure that all servers are free from any critical security flaws to maintain the security and stability of the infrastructure.

To achieve this, two of the best options are to use AWS Inspector and AWS Config to assess and patch the servers.

Here's a detailed explanation of each option:

A. Use AWS Config to ensure that the servers have no critical flaws:

AWS Config is a fully managed service that provides you with an AWS resource inventory, configuration history, and configuration change notifications. You can use AWS Config rules to evaluate resources against your security, compliance, and governance policies. By creating custom rules, you can check that your servers are configured correctly and flag configurations that violate those policies.

AWS Config can continuously monitor your infrastructure to detect and report on any configuration changes, which can be useful in identifying and addressing any critical security flaws. You can use AWS Config to track compliance with security standards such as CIS AWS Foundations Benchmark, which can help ensure that your servers are secure.

B. Use AWS Inspector to ensure that the servers have no critical flaws:

AWS Inspector is an automated security assessment service that can help you identify security issues and vulnerabilities on your EC2 instances. It includes a variety of pre-defined rules packages that are mapped to common security standards and best practices, such as CIS AWS Foundations Benchmark, PCI DSS, and HIPAA.

By running AWS Inspector assessments on your EC2 instances, you can identify and address any security issues or vulnerabilities. The assessment results provide you with a prioritized list of security findings, including detailed information about each finding, which can help you prioritize and address issues quickly.

C. Use AWS Inspector to patch the servers:

AWS Inspector does not patch servers directly; instead, it provides you with a list of prioritized findings to help you address any vulnerabilities. Once you have identified any vulnerabilities, you can use AWS Systems Manager (SSM) to patch the servers.

D. Use AWS SSM to patch the servers:

AWS SSM is a service that allows you to manage and automate operational tasks across your EC2 instances, on-premises servers, and virtual machines. SSM allows you to automate tasks such as patching, updating, and configuring your instances at scale.

You can use AWS SSM to patch your EC2 instances to ensure that any known security vulnerabilities are addressed. AWS SSM integrates with AWS Inspector, enabling you to automate the process of identifying and patching vulnerabilities.

In summary, to ensure that your servers are free from any critical security flaws, you can use AWS Inspector to assess and identify any vulnerabilities, and then use AWS SSM to patch the servers. Alternatively, you can use AWS Config to continuously monitor and ensure that your servers are compliant with security policies and best practices.
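As an added example (not part of the original question or of AWS's own code), the following Python ties the two correct answers together as described in the explanation above and in options B and D: it triages Inspector findings down to the EC2 instances carrying HIGH or CRITICAL package vulnerabilities, then builds the SSM SendCommand requests that run the AWS-RunPatchBaseline document against them. The sample findings, instance IDs and function names are constructed for this illustration; the finding field layout and the 50-instance SendCommand limit follow the public Inspector and SSM APIs.

```python
from collections import defaultdict

# Severities the mandate treats as "critical security flaws".
PATCH_SEVERITIES = {"CRITICAL", "HIGH"}
# SSM SendCommand accepts at most 50 instance IDs per call.
SSM_MAX_INSTANCES_PER_CALL = 50
# Constructed sample findings; the field layout mirrors the Amazon Inspector
# ListFindings response, trimmed to what this script uses. IDs are made up.
SAMPLE_FINDINGS = [
    {"severity": "CRITICAL", "type": "PACKAGE_VULNERABILITY",
     "resources": [{"type": "AWS_EC2_INSTANCE", "id": "i-0aaa111"}]},
    {"severity": "LOW", "type": "PACKAGE_VULNERABILITY",
     "resources": [{"type": "AWS_EC2_INSTANCE", "id": "i-0bbb222"}]},
    {"severity": "HIGH", "type": "PACKAGE_VULNERABILITY",
     "resources": [{"type": "AWS_EC2_INSTANCE", "id": "i-0aaa111"}]},
    {"severity": "HIGH", "type": "NETWORK_REACHABILITY",
     "resources": [{"type": "AWS_EC2_INSTANCE", "id": "i-0ccc333"}]},
]


def instances_needing_patches(findings):
    """Return {instance_id: count of HIGH/CRITICAL package findings}.
    Only PACKAGE_VULNERABILITY findings are fixed by a patch baseline: a
    NETWORK_REACHABILITY finding needs a security-group change, and non-EC2
    resources such as container images are outside SSM Patch Manager's scope.
    """
    counts = defaultdict(int)
    for finding in findings:
        if (finding["severity"] not in PATCH_SEVERITIES
                or finding["type"] != "PACKAGE_VULNERABILITY"):
            continue
        for res in finding["resources"]:
            if res["type"] == "AWS_EC2_INSTANCE":
                counts[res["id"]] += 1
    return dict(counts)


def build_patch_commands(instance_ids, reboot="RebootIfNeeded"):
    """Build SSM SendCommand request bodies running AWS-RunPatchBaseline, one
    per batch of 50 instances (the API limit), usable as ssm.send_command(**r).
    """
    ids = sorted(instance_ids)
    requests = []
    for start in range(0, len(ids), SSM_MAX_INSTANCES_PER_CALL):
        requests.append({
            "DocumentName": "AWS-RunPatchBaseline",
            "InstanceIds": ids[start:start + SSM_MAX_INSTANCES_PER_CALL],
            "Parameters": {"Operation": ["Install"], "RebootOption": [reboot]},
        })
    return requests
```

With a boto3 `ssm` client, `for r in build_patch_commands(instances_needing_patches(findings)): ssm.send_command(**r)` issues the patch runs; swap `Operation` to `Scan` first to preview missing patches without installing them.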