Exam AWS Certified Cloud Practitioner CLF-C02 topic 1 question 2 discussion

Amazon Inspector for Audit CloudWatch for monitoring Config for compliance

Inspector is all about security assessments of AWS based applications and their configurations against known vulnerabilities. GuardDuty is all about continuously and automatically process different foundational data sources such as CloudTrail event logs, VPC flow logs and DNS logs to find potential security threat over an entire AWS account not just only with applications and it also uses threat intelligence feeds, such as lists of malicious IP addresses and domains, and machine learning to identify unexpected, potentially unauthorized, and malicious activity within AWS environment. So as far as assessment is concerned Inspector is the right answer.

Amazon Inspector is specifically designed to assess application vulnerabilities and identify security issues in your EC2 instances and other AWS resources. It performs automated security assessments and checks for deviations from best practices, such as missing patches or insecure configurations.

Amazon Inspector is specifically designed to assess application vulnerabilities and identify security issues in your EC2 instances and other AWS resources. It performs automated security assessments and checks for deviations from best practices, such as missing patches or insecure configurations.

b is correct

B es la correcta

Because Amazon guarduty must deployment to cloud trail

The correct answer is: ✅ B. Amazon Inspector Explanation: Amazon Inspector is the AWS service designed to: Assess vulnerabilities in applications running on Amazon EC2 instances Automatically scan for software vulnerabilities and deviations from security best practices Integrate with AWS services like EC2, ECR, and Lambda to provide continuous scanning It is the most appropriate choice for identifying application-level security issues and misconfigurations on EC2. Why not the others? A. AWS Trusted Advisor: Checks for general best practices across AWS (cost, performance, limits, etc.), but not deep vulnerability scans. C. AWS Config: Tracks resource configuration compliance, not security vulnerabilities. D. Amazon GuardDuty: Detects threats and malicious activity, but doesn’t assess software/application vulnerabilities.

i guess it by naming

Amazon inspector Assess application vulnerabilities and Identify infrastructure misconfigurations and deviations

B is the answer

Amazon Inspector is a vulnerability management service designed to: • Automatically assess applications running on Amazon EC2 instances (and other compute environments like ECS with Fargate). • Scan for known vulnerabilities (CVEs) in software packages. • Evaluate the application and OS configurations against security best practices. • Continuously monitor the environment and trigger automated assessments upon deployments or changes. 🔍 It directly addresses both parts of the requirement: “assess application vulnerabilities” and “identify infrastructure that doesn’t meet best practices”.

A is correct

It is a correct answer

For people saying it is A) Trusted Advisor, the documentation for it Never mentions vulnerabilties. In the context of vulnerabiltirs the question is asking about security best practices therefore it is Inspector as that is a security focused product.

Amazon Insepector is an automated security assessment service that scans EC2 instances for vulnerabilities and assesses applications for exposure, vulnerabilities, and deviations from best practices.

Inspector - audit Cloud watch - monitoring Config - compliance