AWS Certified SysOps Administrator – Associate (legacy) — Question 579

A SysOps Administrator has been notified that some Amazon EC2 instances in the company's environment might have a vulnerable software version installed.
What should be done to check all of the instances in the environment with the LEAST operational overhead?

Answer options

• A. Create and run an Amazon Inspector assessment template.
• B. Manually SSH into each instance and check the software version.
• C. Use AWS CloudTrail to verify Amazon EC2 activity in the account.
• D. Write a custom script and use AWS CodeDeploy to deploy to Amazon EC2 instances.

Correct answer: A

Explanation

Amazon Inspector is an automated vulnerability management service that scans Amazon EC2 instances for software vulnerabilities and unintended network exposure, requiring minimal operational overhead. Manual SSH checks and writing custom scripts for AWS CodeDeploy require significant administrative effort and are prone to errors. AWS CloudTrail records API activity but cannot inspect the internal software or operating system packages of an EC2 instance.