AWS Certified Cloud Practitioner — Question 128

A company needs an automated security assessment report that will identify unintended network access to Amazon EC2 instances. The report also must identify operating system vulnerabilities on those instances.
Which AWS service or feature should the company use to meet this requirement?

Answer options

• A. AWS Trusted Advisor
• B. Security groups
• C. Amazon Macie
• D. Amazon Inspector

Correct answer: D

Explanation

Amazon Inspector is specifically designed to perform automated security assessments and identify vulnerabilities in EC2 instances, making it the correct choice. AWS Trusted Advisor provides general best practices but does not focus on security assessments. Security groups are used for controlling access but do not generate reports, and Amazon Macie is primarily for data security and privacy rather than assessing EC2 instance vulnerabilities.