AWS Certified Security – Specialty — Question 217

Amazon GuardDuty has detected communications to a known command and control endpoint from a company's Amazon EC2 instance. The instance was found to be running a vulnerable version of a common web framework. The company's security operations team wants to quickly identify other compute resources with the specific version of that framework installed.
Which approach should the team take to accomplish this task?

Answer options

• A. Scan all the EC2 instances for noncompliance with AWS Config. Use Amazon Athena to query AWS CloudTrail logs for the framework installation.
• B. Scan all the EC2 instances with the Amazon Inspector Network Reachability rules package to identify instances running a web server with RecognizedPortWithListener findings.
• C. Scan all the EC2 instances with AWS Systems Manager to identify the vulnerable version of the web framework.
• D. Scan all the EC2 instances with AWS Resource Access Manager to identify the vulnerable version of the web framework.

Correct answer: C

Explanation

The correct answer is C because AWS Systems Manager provides tools for inventory management, which can be used to identify specific software versions across EC2 instances. Option A is incorrect as AWS Config focuses on compliance rather than specific software identification. Option B is not suitable as Amazon Inspector's Network Reachability rules package does not directly identify specific versions of software. Option D is wrong because AWS Resource Access Manager is not designed for scanning software versions on instances.