AWS Certified Cloud Practitioner (CLF-C02) — Question 89

A company wants an automated process to continuously scan its Amazon EC2 instances for software vulnerabilities.
Which AWS service will meet these requirements?

Answer options

• A. Amazon GuardDuty
• B. Amazon Inspector
• C. Amazon Detective
• D. Amazon Cognito

Correct answer: B

Explanation

Amazon Inspector is specifically designed for assessing applications for vulnerabilities and deviations from best practices, making it the appropriate choice for scanning EC2 instances. Amazon GuardDuty focuses on threat detection and monitoring for malicious activity, while Amazon Detective is used for investigation and analysis of security issues. Amazon Cognito is primarily a user authentication service, which does not relate to vulnerability scanning.