A company migrated hundreds of on-premises VMs to Amazon EC2. The instances run various Windows Server versions and several Linux distributions. The company needs to automate OS inventory and updates, and produce a monthly summary of common vulnerabilities for each instance. What should a solutions architect recommend?
Choose an answer
Tap an option to check your answer.
Correct answer: Set up AWS Systems Manager Patch Manager to manage all the EC2 instances. Deploy Amazon Inspector, and configure monthly reports..
Why this is the answer
The correct solution uses AWS Systems Manager Patch Manager for OS inventory and updates, as it automates patching for Windows and Linux EC2 instances. Amazon Inspector is the appropriate service for identifying common vulnerabilities and exposures (CVEs) on EC2 instances and can generate monthly reports. Incorrect options: AWS Security Hub aggregates security findings but doesn't perform vulnerability scanning itself. AWS Shield Advanced is a DDoS protection service, not for vulnerability scanning or patch management. AWS Config monitors resource configurations and changes, but doesn't automate patch installations directly or perform vulnerability scanning. Amazon GuardDuty is a threat detection service, not a vulnerability scanner or patch manager.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed