After a breach of on‑premises applications, a company is migrating those applications to Amazon EC2. The company needs an active vulnerability scanning solution for the EC2 instances that produces a detailed report of findings. Which solution meets these requirements?
Choose an answer
Tap an option to check your answer.
Correct answer: Turn on Amazon Inspector. Deploy the Amazon Inspector agent to the EC2 instances. Configure an AWS Lambda function to automate generation and distribution of reports that detail the findings..
Why this is the answer
Amazon Inspector is a vulnerability management service that continually scans AWS workloads for software vulnerabilities and unintended network exposure. It is the correct choice because it is specifically designed for active vulnerability scanning of EC2 instances and can produce detailed reports. Deploying the Amazon Inspector agent to the EC2 instances allows for in-depth analysis. An AWS Lambda function can then automate the generation and distribution of these detailed reports. AWS Shield is a managed Distributed Denial of Service (DDoS) protection service, not a vulnerability scanner. Amazon Macie is a data security and privacy service that discovers and protects sensitive data, primarily in Amazon S3, not for EC2 instance vulnerability scanning. Amazon GuardDuty is a threat detection service that monitors for malicious activity and unauthorized behavior, but it focuses on detecting threats rather than active vulnerability scanning of instances for software vulnerabilities.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed