AWS Certified SysOps Administrator – Associate (legacy) — Question 524
A Security and Compliance team is reviewing Amazon EC2 workloads for unapproved AMI usage.
Which action should a SysOps Administrator recommend?
Answer options
- A. Create a custom report using AWS Systems Manager Inventory to identify unapproved AMIs
- B. Run Amazon Inspector on all EC2 instances and flag instances using unapproved AMIs
- C. Use an AWS Config rule to identify unapproved AMIs
- D. Use AWS Trusted Advisor to identify EC2 workloads using unapproved AMIs
Correct answer: C
Explanation
AWS Config is the service designed to track resource configurations against a desired state, and it ships managed rules (such as approved-amis-by-id) that flag EC2 instances launched from AMIs outside an approved list. AWS Systems Manager Inventory collects software and configuration metadata from instances but does not evaluate that data against AMI compliance rules. Amazon Inspector performs vulnerability assessment of the software on an instance rather than checking which AMI it was launched from, and AWS Trusted Advisor has no check that validates AMI compliance.