Examtopics

AWS Certified DevOps Engineer - Professional
  • Topic 1 Question 53

    A company is performing vulnerability scanning for all Amazon EC2 instances across many accounts. The accounts are in an organization in AWS Organizations. Each account's VPCs are attached to a shared transit gateway. The VPCs send traffic to the internet through a central egress VPC. The company has enabled Amazon Inspector in a delegated administrator account and has enabled scanning for all member accounts. A DevOps engineer discovers that some EC2 instances are listed in the "not scanning" tab in Amazon Inspector. Which combination of actions should the DevOps engineer take to resolve this issue?

    Select 3
    • Verify that AWS Systems Manager Agent is installed and is running on the EC2 instances that Amazon Inspector is not scanning.

    • Associate the target EC2 instances with security groups that allow outbound communication on port 443 to the AWS Systems Manager service endpoint.

    • Grant inspector:StartAssessmentRun permissions to the IAM role that the DevOps engineer is using.

    • Configure EC2 Instance Connect for the EC2 instances that Amazon Inspector is not scanning.

    • Associate the target EC2 instances with instance profiles that grant permissions to communicate with AWS Systems Manager.

    • Create a managed-instance activation. Use the Activation Code and the Activation ID to register the EC2 instances.

