PdfPrep.com

Which would be the easiest way to ensure these vulnerabilities are remediated?

Your IT Security team has identified a number of vulnerabilities across critical EC2 Instances in the company’s AWS Account.

Which would be the easiest way to ensure these vulnerabilities are remediated?
A . Create AWS Lambda functions to download the updates and patch the servers.
B . Use AWS CLI commands to download the updates and patch the servers.
C . Use AWS inspector to patch the servers
D . Use AWS Systems Manager to patch the servers

Answer: D

Explanation:

The AWS Documentation mentions the following

You can quickly remediate patch and association compliance issues by using Systems Manager Run Command. You can tat either instance IDs or Amazon EC2 tags and execute the AWS-RefreshAssociation document or the AWS-RunPatchBaseline document. If refreshing the association or re-running the patch baseline fails to resolve the compliance issue, then you need to investigate your associations, patch baselines, or instance configurations to understand why the Run Command executions did not resolve the problem

Options A and B are invalid because even though this is possible, still from a maintenance perspective it would be difficult to maintain the Lambda functions

Option C is invalid because this service cannot be used to patch servers

For more information on using Systems Manager for compliance remediation please visit the below Link:

https://docs.aws.amazon.com/systems-manaeer/latest/usereuide/sysman-compliance-

fixing.html

The correct answer is: Use AWS Systems Manager to patch the servers Submit your Feedback/Queries to our Experts

Exit mobile version