Your IT Security team has identified a number of vulnerabilities across critical EC2 Instances in the company’s AWS Account.
Which would be the easiest way to ensure these vulnerabilities are remediated?
A . Create AWS Lambda functions to download the updates and patch the servers.
B . Use AWS CLI commands to download the updates and patch the servers.
C . Use AWS inspector to patch the servers
D . Use AWS Systems Manager to patch the servers
Answer: D
Explanation:
The AWS Documentation mentions the following
You can quickly remediate patch and association compliance issues by using Systems Manager Run Command. You can tat either instance IDs or Amazon EC2 tags and execute the AWS-RefreshAssociation document or the AWS-RunPatchBaseline document. If refreshing the association or re-running the patch baseline fails to resolve the compliance issue, then you need to investigate your associations, patch baselines, or instance configurations to understand why the Run Command executions did not resolve the problem
Options A and B are invalid because even though this is possible, still from a maintenance perspective it would be difficult to maintain the Lambda functions
Option C is invalid because this service cannot be used to patch servers
For more information on using Systems Manager for compliance remediation please visit the below Link:
https://docs.aws.amazon.com/systems-manaeer/latest/usereuide/sysman-compliance-
fixing.html
The correct answer is: Use AWS Systems Manager to patch the servers Submit your Feedback/Queries to our Experts