For compliance reasons, a Security Engineer must produce a weekly report that lists any instance that does not have the latest approved patches applied. TheEngineer must also ensure that no system goes more than 30 days without the latest approved updates being applied.
What would be the MOST efficient way to achieve these goals?

A. Use Amazon Inspector to determine which systems do not have the latest patches applied, and after 30 days, redeploy those instances with the latest AMI version. B. Configure Amazon EC2 Systems Manager to report on instance patch compliance, and enforce updates during the defined maintenance windows. C. Examine AWS CloudTrail logs to determine whether any instances have not restarted in the last 30 days, and redeploy those instances. D. Update the AMIs with the latest approved patches, and redeploy each instance during the defined maintenance window.