Your company manages thousands of EC2 Instances. There is a mandate to ensure that all servers don’t have any critical security flaws. Which of the following can be done to ensure this? Choose 2 answers from the options given below.

Answer options:

A.Use AWS Config to ensure that the servers have no critical flaws.
B.Use AWS Inspector to ensure that the servers have no critical flaws.
C.Use AWS Inspector to patch the servers.
D.Use AWS SSM to patch the servers.

Answer: B and D
Answer A is incorrect as AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources and does not manage server security and patch up-gradation.
Answer B is CORRECT because Amazon Inspector automatically assesses applications for vulnerabilities or deviations from best practices. After performing an assessment, Amazon Inspector produces a detailed list of security findings prioritized by level of severity. These findings can be reviewed directly or as part of detailed assessment reports available via the Amazon Inspector console or API.
Option C is incorrect because the AWS Inspector is used to identify security flaws in the servers by providing reports but does not undertake the patch maintenance job.
Option D is CORRECT because once you understand the list of servers that require critical updates, you can rectify them by installing the required patches via the Systems Manager Agent (SSM) tool on AWS.
For more information on AWS Inspector, kindly visit the following URL:
https://aws.amazon.com/inspector/
For more information on the Systems Manager, kindly visit the following URL:
https://docs.aws.amazon.com/systems-manager/latest/APIReference/Welcome.html