AWS Certified Solutions Architect – Associate (SAA-C03) — Question 812
A company has migrated a fleet of hundreds of on-premises virtual machines (VMs) to Amazon EC2 instances. The instances run a diverse fleet of Windows Server versions along with several Linux distributions. The company wants a solution that will automate inventory and updates of the operating systems. The company also needs a summary of common vulnerabilities of each instance for regular monthly reviews.
What should a solutions architect recommend to meet these requirements?
Answer options
- A. Set up AWS Systems Manager Patch Manager to manage all the EC2 instances. Configure AWS Security Hub to produce monthly reports.
- B. Set up AWS Systems Manager Patch Manager to manage all the EC2 instances. Deploy Amazon Inspector, and configure monthly reports.
- C. Set up AWS Shield Advanced, and configure monthly reports. Deploy AWS Config to automate patch installations on the EC2 instances.
- D. Set up Amazon GuardDuty in the account to monitor all EC2 instances. Deploy AWS Config to automate patch installations on the EC2 instances.
Correct answer: B
Explanation
AWS Systems Manager Patch Manager automates operating-system patching across a mixed fleet of Windows Server and Linux EC2 instances, and Systems Manager also collects software inventory from those managed instances. Amazon Inspector performs vulnerability assessments of EC2 instances and reports the common vulnerabilities found on each one, which supplies the monthly review summary. Option A falls short because AWS Security Hub aggregates and scores findings produced by other services; it does not itself scan instances for OS vulnerabilities. AWS Config, AWS Shield Advanced, and Amazon GuardDuty provide neither automated patching nor per-instance vulnerability scanning, so options C and D do not meet the requirements.