AWS Certified Security – Specialty (SCS-C02) — Question 210

A company runs workloads on Amazon EC2 instances. The company needs to continually scan the EC2 instances for software vulnerabilities and unintended network exposure.

Which solution will meet these requirements?

Answer options

• A. Use Amazon Inspector. Set the scan mode to hybrid scanning.
• B. Use Amazon GuardDuty. Enable the Malware Protection feature.
• C. Use Amazon Inspector. Enable the Malware Protection feature.
• D. Use Amazon GuardDuty. Enable the Runtime Monitoring feature.

Correct answer: A

Explanation

The correct answer is A because Amazon Inspector is designed specifically for scanning EC2 instances for vulnerabilities and network exposure, and hybrid scanning combines both host assessments and network assessments. Options B and D involve Amazon GuardDuty, which focuses on threat detection rather than vulnerability scanning, while option C lacks the hybrid scanning capability needed for thorough assessments.