Amazon CLF-C02: What AWS Service Provides Automated Vulnerability Management for Workloads?

Discover which AWS service offers automated vulnerability management to continuously scan workloads for software vulnerabilities. Learn how Amazon Inspector meets these requirements for the AWS Certified Cloud Practitioner CLF-C02 exam.

Question

A company needs an automated vulnerability management service that continuously scans AWS workloads for software vulnerabilities. Which AWS service will meet these requirements?

A. Amazon GuardDuty
B. Amazon Inspector
C. AWS Security Hub
D. AWS Shield

Answer

B. Amazon Inspector

Explanation

Amazon Inspector is an automated vulnerability management service. It automatically discovers workloads such as Amazon EC2 instances, container images in Amazon Elastic Container Registry (ECR), and AWS Lambda functions, and continuously scans them for software vulnerabilities and unintended network exposure. This makes it the ideal solution for organizations seeking an automated, scalable, and efficient vulnerability management tool.

Key Features of Amazon Inspector

  • Continuous Scanning: Automatically discovers and assesses resources like EC2 instances, ECR container images, and Lambda functions for vulnerabilities in near-real time.
  • Risk Prioritization: Provides a contextualized risk score for each finding by correlating Common Vulnerabilities and Exposures (CVE) data with environmental factors, helping prioritize remediation efforts.
  • Integration: Findings are integrated with AWS Security Hub and Amazon EventBridge to streamline workflows and automate responses.
  • Agentless Scanning: For EC2 instances without an SSM Agent, Amazon Inspector performs agentless vulnerability assessments using EBS snapshots.

Compared to other options

Amazon GuardDuty (A): Focuses on threat detection rather than vulnerability management.

AWS Security Hub (C): Aggregates security findings from multiple services but does not perform direct vulnerability scanning.

AWS Shield (D): Protects against Distributed Denial of Service (DDoS) attacks but does not manage software vulnerabilities.

Thus, Amazon Inspector is the most suitable service for the requirement of continuous workload vulnerability scanning.