Question 310:
A financial company recently encountered an IT security incident for one of its AWS EC2 instances. An attacker used Kali Linux penetration testing tool to scan the company’s EC2 resources, found an EC2 configuration weaknesses and then gained unauthorized access. You need to work out a plan to make sure that all EC2 instances always meet patch compliance. A monitoring tool is also required for these kinds of potential security risks. Which approaches should you take in together to meet the requirements? (Select TWO.)
Answer options:
A.Use AWS Systems Manager Run Command to apply necessary patches every 30 days to ensure all EC2 instances are always patch compliant. B.Configure patch baselines in AWS Systems Manager and use Patch Manager to apply patches in a maintenance window. C.Configure AWS Macie to continuously monitor security issues for AWS resources. Configure SNS notifications based on Macie alarms in CloudWatch Events. D.Configure monitoring dashboard in AWS QuickSight which uses machine learning skills to discover security incidents that are happening. E.Enable AWS GuardDuty to monitor potential security incidents. Create CloudWatch Event rules based on the findings and trigger SNS notifications.