AWS Certified SysOps Administrator – Associate (legacy) — Question 8

A company's IT Security team is performing an audit of the AWS environment to determine which servers need to be patched and where additional security controls need to be added.
The company is responsible for which of the following? (Choose two.)

Answer options

• A. Patching the OS on Amazon RDS instances
• B. Patching the OS on Amazon EC2 instances
• C. Enabling server-side encryption with Amazon S3-Managed Keys (SSE-S3) on S3 objects
• D. Patching the database engine on RDS instances
• E. Patching PHP in an AWS Elastic Beanstalk managed EC2 application

Correct answer: B, C

Explanation

The company is responsible for patching the OS on Amazon EC2 instances because they manage their own EC2 instances and the operating system. Enabling server-side encryption with Amazon S3-Managed Keys (SSE-S3) on S3 objects is also their responsibility to ensure data security. However, patching the OS on Amazon RDS instances, patching the database engine on RDS instances, and patching PHP in an AWS Elastic Beanstalk managed EC2 application are responsibilities that fall under AWS's management for those services.