Exam AWS Certified Cloud Practitioner CLF-C02 topic 1 question 2 discussion

Amazon Inspector for Audit CloudWatch for monitoring Config for compliance

Inspector is all about security assessments of AWS based applications and their configurations against known vulnerabilities. GuardDuty is all about continuously and automatically process different foundational data sources such as CloudTrail event logs, VPC flow logs and DNS logs to find potential security threat over an entire AWS account not just only with applications and it also uses threat intelligence feeds, such as lists of malicious IP addresses and domains, and machine learning to identify unexpected, potentially unauthorized, and malicious activity within AWS environment. So as far as assessment is concerned Inspector is the right answer.

Amazon Inspector is a vulnerability management service designed to: • Automatically assess applications running on Amazon EC2 instances (and other compute environments like ECS with Fargate). • Scan for known vulnerabilities (CVEs) in software packages. • Evaluate the application and OS configurations against security best practices. • Continuously monitor the environment and trigger automated assessments upon deployments or changes. 🔍 It directly addresses both parts of the requirement: “assess application vulnerabilities” and “identify infrastructure that doesn’t meet best practices”.

A is correct

It is a correct answer

For people saying it is A) Trusted Advisor, the documentation for it Never mentions vulnerabilties. In the context of vulnerabiltirs the question is asking about security best practices therefore it is Inspector as that is a security focused product.

AWS Inspector service is correct

Amazon Insepector is an automated security assessment service that scans EC2 instances for vulnerabilities and assesses applications for exposure, vulnerabilities, and deviations from best practices.

Inspector - audit Cloud watch - monitoring Config - compliance

Performs vunerabilities scanning on : EC2, lamda Identifies CVEs

Inspector for security assessments of applications

AWS Trusted Advisor provide the recommandations, AWS config for config and AWS GuardDuty for detections threats.

From the AWS skill builder website: AWS Inspector: It checks applications for security vulnerabilities and deviations from security best practices, such as open access to Amazon EC2 instances and installations of vulnerable software versions.

While both AWS Trusted Advisor and Inspector are tools to help optimize your AWS environment, the key difference is that Trusted Advisor provides high-level recommendations based on best practices across your entire AWS account, while Inspector focuses on actively scanning your EC2 instances and other workloads for specific security vulnerabilities using an agent-based approach

The asnwer is Trusted advisor as the question says that The company needs to assess application vulnerabilities and" must identify infrastructure deployments that do not meet best practices." this task is specifically perfomed by AWS Trusted advisor

amazon inspector inspects any vulnerabilities

amazon inspector checks any kind of vulnerabilities