Question #836
A company needs an automated solution to assess its Amazon EC2 instances for security vulnerabilities and generate compliance reports based on industry standards. Which AWS service should be used to fulfill this requirement?
A. Amazon GuardDuty
B. Amazon Inspector
C. Amazon Detective
D. Amazon Cognito
Explanation
Amazon Inspector is designed to automatically assess Amazon EC2 instances for security vulnerabilities, such as unintended network exposure, software vulnerabilities, and deviations from security best practices. It generates detailed compliance reports based on industry standards like CIS (Center for Internet Security) benchmarks, making it the ideal choice for the company's requirements.
Why Other Options Are Incorrect:
- A. Amazon GuardDuty: Focuses on threat detection (e.g., malicious activity, unauthorized access) rather than vulnerability assessments or compliance reporting.
- C. Amazon Detective: Helps investigate security incidents by analyzing logs but does not perform vulnerability assessments or generate compliance reports.
- D. Amazon Cognito: A service for user authentication and access management, unrelated to security assessments or compliance.
Key Points to Remember:
- Use Amazon Inspector for automated vulnerability assessments and compliance reporting.
- GuardDuty detects threats, Detective investigates incidents, and Cognito manages user identities.
Answer
The correct answer is: B