Exam AWS Certified Cloud Practitioner CLF-C02 topic 1 question 2 discussion

Amazon Inspector for Audit CloudWatch for monitoring Config for compliance

Inspector is all about security assessments of AWS based applications and their configurations against known vulnerabilities. GuardDuty is all about continuously and automatically process different foundational data sources such as CloudTrail event logs, VPC flow logs and DNS logs to find potential security threat over an entire AWS account not just only with applications and it also uses threat intelligence feeds, such as lists of malicious IP addresses and domains, and machine learning to identify unexpected, potentially unauthorized, and malicious activity within AWS environment. So as far as assessment is concerned Inspector is the right answer.

AWS Trusted Advisor provide the recommandations, AWS config for config and AWS GuardDuty for detections threats.

From the AWS skill builder website: AWS Inspector: It checks applications for security vulnerabilities and deviations from security best practices, such as open access to Amazon EC2 instances and installations of vulnerable software versions.

While both AWS Trusted Advisor and Inspector are tools to help optimize your AWS environment, the key difference is that Trusted Advisor provides high-level recommendations based on best practices across your entire AWS account, while Inspector focuses on actively scanning your EC2 instances and other workloads for specific security vulnerabilities using an agent-based approach

The asnwer is Trusted advisor as the question says that The company needs to assess application vulnerabilities and" must identify infrastructure deployments that do not meet best practices." this task is specifically perfomed by AWS Trusted advisor

amazon inspector inspects any vulnerabilities

amazon inspector checks any kind of vulnerabilities

Because it helps to assess, audit and evaluate

Amazon Inspector is an AWS security service that automatically assesses applications for vulnerabilities and deviations from security best practices.

B. Amazon Inspector

are these actual questions which everyone is getting at this current moment?

B. Amazon Inspector

B its the right answer

B. Amazon Inspector

Amazon Inspector is specifically designed to assess the security of applications deployed on Amazon EC2 instances. It identifies vulnerabilities and deviations from best practices, providing detailed findings that help improve the security posture of your applications. This makes it the most suitable service for the company's need to assess application vulnerabilities and identify infrastructure deployments that do not meet best practices.

Inspector is all about security assessments of AWS based applications and their configurations against known vulnerabilities. GuardDuty is all about continuously and automatically process different foundational data sources such as CloudTrail event logs, VPC flow logs and DNS logs to find potential security threat over an entire AWS account not just only with applications and it also uses threat intelligence feeds, such as lists of malicious IP addresses and domains, and machine learning to identify unexpected, potentially unauthorized, and malicious activity within AWS environment. So as far as assessment is concerned Inspector is the right answer.