Question #894
Which AWS service allows users to identify security weaknesses in their Amazon EC2 instances through preconfigured evaluation frameworks?
A. AWS Config
B. AWS Trusted Advisor
C. Amazon Inspector
D. AWS Security Hub
Explanation
Amazon Inspector (C) is specifically designed to analyze Amazon EC2 instances for security vulnerabilities using predefined rules packages (preconfigured evaluation frameworks). These frameworks check for issues like exposure to known CVEs, insecure network configurations, and deviations from security best practices.
Why other options are incorrect:
- AWS Config (A): Tracks resource configuration changes and compliance over time but does not perform security assessments.
- AWS Trusted Advisor (B): Provides general best-practice recommendations (e.g., open security groups) but lacks deep OS-level vulnerability scanning.
- AWS Security Hub (D): Aggregates findings from services like Inspector but does not perform the assessments itself.
Key Points:
- Inspector uses automated, agent-based scanning for EC2 instances.
- Predefined rules packages align with CIS benchmarks, CVSS scores, and AWS security best practices.
- Focuses on identifying OS vulnerabilities, network exposure, and application misconfigurations.
Answer
The correct answer is: C