A company's security analyst detected a malware $($Remote Access Tool$)$ on some instances

that run web servers and are in an Auto Scaling group that maintains at least other $20$ instances. No data is stored on those web servers, and while the Incident Forensics team

analyzes how they got in$,$ the security analyst wants to automate the rebuild of any compro$-$

mised instance to ensure that the malware was removed. How would you suggest to proceed?

$($Choose three.$)$

A$.$ Run an antimalware software scan to remove the malware.

B$.$ Enable Amazon GuardDuty, and configure an Amazon CloudWatch Events rule to trigger a Run command execution to reinstall the web server.

C$.$ Enable Amazon GuardDuty, and configure an Amazon CloudWatch Events rule to trigger the termination of the instance when Remote Access Tools are detected.

D$.$ Use host intrusion prevention systems from the partners in the marketplace to harden

the instances.

E$.$ Use AWS Systems Manager Patch Manager to patch the instances