A company recently migrated from a third-party security application to Amazon Inspector. A sysops administrator discovered that a list of security findings is missing for some Amazon EC2 instances. Which action will resolve this problem?
A. Generate the missing security findings list manually by logging in to the affected EC2 instances and running CLI commands.
B. Log in to the affected EC2 instances. Download and install the Amazon Inspector agent from AWS Marketplace on each instance.
C. Use a network reachability package to analyze network configurations to find security vulnerabilities on the affected EC2 instances.
D. Verify that the Amazon Inspector agent is installed and running on the affected instances. Restart the Amazon Inspector agent.
Should be C.
The rules in the Network Reachability package analyze your network configurations to find security vulnerabilities of your EC2 instances. The findings that Amazon Inspector generates also provide guidance about restricting access that is not secure.
D - https://docs.aws.amazon.com/inspector/v1/userguide/inspector_installing-uninstalling-agents.html#install-linux
I was initially thinking B, but you can use either Systems Manager or install it via a "wget https://inspector-agent.amazonaws.com/linux/latest/install
curl -O https://inspector-agent.amazonaws.com/linux/latest/install"
B. Makes sense that the agent is missing and has to be installed.
For D, it just does verification; it doesn't specify what to do if the agents were not installed on the instances, unless it already means "ensure" (sorry for my poor English, I could be wrong)
D. Verify and "ensure" that the Amazon Inspector agent is installed and running on the affected instances. Restart the Amazon Inspector agent.
B. Some AMIs do not have Amazon Inspector installed, so you have to install it manually; where an EC2 instance does not have Amazon Inspector installed, you have to log in to the EC2 instance and install it.
https://docs.aws.amazon.com/inspector/latest/userguide/inspector_installing-uninstalling-agents.html
You cannot download the Inspector agent from AWS Marketplace. AWS Marketplace is used for getting software from vendors: https://aws.amazon.com/partners/aws-marketplace/
D is the correct answer
Ans: C
What is the network reachability rules package?
The network reachability rules package identifies ports and services on your Amazon EC2 instances that are reachable from outside your VPC. When you run an assessment with this rules package, Inspector queries AWS APIs to read network configurations in your account such as Amazon Virtual Private Clouds (VPCs), security groups, network access control lists (ACLs), and route tables. It then analyzes these network configurations to prove accessibility of ports. Findings show you the network configurations that allow access to a reachable port to help you easily restrict access as needed. The Amazon Inspector agent is not needed for assessments with the network reachability rules package. For instances with the Inspector agent installed, network reachability findings are enhanced with information that identifies which processes are listening on accessible ports.
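As an added illustration that is not part of the thread and not Amazon Inspector's own code, the sketch below shows the kind of configuration-only analysis the comment above describes: deciding from route tables, network ACLs and security groups alone, with no agent on the instance, which ports are reachable from an outside address. The `CONFIG` data, the function names and the `igw-EXAMPLE` identifier are constructed for this example, and the instance is assumed to have a public IP address.

```python
import ipaddress

# Constructed sample configuration for one instance (not real account data).
CONFIG = {
    "routes": [  # route table of the instance's subnet
        {"dest": "10.0.0.0/16", "target": "local"},
        {"dest": "0.0.0.0/0", "target": "igw-EXAMPLE"},
    ],
    "nacl_inbound": [  # stateless, evaluated in rule-number order
        {"rule": 100, "cidr": "0.0.0.0/0", "ports": (22, 22), "action": "deny"},
        {"rule": 200, "cidr": "0.0.0.0/0", "ports": (0, 65535), "action": "allow"},
    ],
    "sg_inbound": [  # security groups only contain allow rules
        {"cidr": "0.0.0.0/0", "ports": (22, 22)},
        {"cidr": "0.0.0.0/0", "ports": (443, 443)},
        {"cidr": "10.0.0.0/16", "ports": (5432, 5432)},
    ],
}

def _match(cidr, ip):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)

def route_target(routes, ip):
    """Longest-prefix match, as a VPC route table does."""
    hits = [r for r in routes if _match(r["dest"], ip)]
    best = max(hits, key=lambda r: ipaddress.ip_network(r["dest"]).prefixlen,
               default=None)
    return best["target"] if best else None

def nacl_decision(rules, ip, port):
    """First matching rule by number wins; no match is an implicit deny."""
    for r in sorted(rules, key=lambda r: r["rule"]):
        lo, hi = r["ports"]
        if _match(r["cidr"], ip) and lo <= port <= hi:
            return r["rule"] if r["action"] == "allow" else None
    return None

def reachable_ports(cfg, source_ip, ports):
    """Map each externally reachable port to the rules that allow it.
    Simplification: inbound path only; NACL return traffic is not modelled."""
    target = route_target(cfg["routes"], source_ip)
    if not (target or "").startswith("igw-"):
        return {}  # traffic to this source does not use an internet gateway
    findings = {}
    for port in ports:
        nacl_rule = nacl_decision(cfg["nacl_inbound"], source_ip, port)
        sg = next((s for s in cfg["sg_inbound"] if _match(s["cidr"], source_ip)
                   and s["ports"][0] <= port <= s["ports"][1]), None)
        if nacl_rule is not None and sg is not None:
            findings[port] = {"nacl_rule": nacl_rule, "sg_cidr": sg["cidr"]}
    return findings
```

For the constructed data, port 22 is open in the security group but blocked by NACL rule 100, so only port 443 is reported, together with the rules that would need tightening to close it.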
jtzt2003 (Highly Voted, 1 year, 6 months ago)
mrphuongbn (1 year, 6 months ago)
waterzhong (Most Recent, 10 months, 2 weeks ago)
Finger41 (10 months, 3 weeks ago)
aidenpearce01 (1 year, 1 month ago)
alexsandroe (1 year, 5 months ago)
RicardoD (1 year, 5 months ago)
abhishek_m_86 (1 year, 6 months ago)
kenkct (1 year, 6 months ago)
khun (1 year, 6 months ago)
oscar_gdl (1 year, 6 months ago)
ittest2020 (1 year, 6 months ago)
jackdryan (1 year, 6 months ago)
MFDOOM (1 year, 6 months ago)
Newguru2020 (1 year, 7 months ago)
jtzt2003 (1 year, 7 months ago)