AWS Certified Solutions Architect – Associate (SAA-C02) — Question 313
A company wants to automate the security assessment of its Amazon EC2 instances. The company needs to validate and demonstrate that security and compliance standards are being followed throughout the development process.
What should a solutions architect do to meet these requirements?
Answer options
- A. Use Amazon Macie to automatically discover, classify and protect the EC2 instances.
- B. Use Amazon GuardDuty to publish Amazon Simple Notification Service (Amazon SNS) notifications.
- C. Use Amazon Inspector with Amazon CloudWatch to publish Amazon Simple Notification Service (Amazon SNS) notifications.
- D. Use Amazon EventBridge (Amazon CloudWatch Events) to detect and react to changes in the status of AWS Trusted Advisor checks.
Correct answer: C
Explanation
Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS, making it the ideal tool for evaluating Amazon EC2 instances. Integrating it with Amazon CloudWatch and Amazon SNS allows the development team to receive automated, real-time alerts regarding security findings and compliance status. Other services like Amazon Macie (used for sensitive data discovery in S3), Amazon GuardDuty (used for continuous threat detection), and AWS Trusted Advisor (used for general best practice recommendations) do not provide the detailed, automated EC2 security and compliance assessments required here.