Exam AWS Certified Solutions Architect - Associate SAA-C02 topic 1 question 574 discussion

The correct answer is D : GuardDuty Inspector only for EC2

Inspector seems to be only for EC2, GuardDuty is for the whole environment

The keyword is "Potential". The company is after potential security beaches. Inspector - Proactive Guard Duty - Reactive 3 tier application is mentioned in the question. You can install a website, app, and RDS in the EC2 instance. Inspector should be good enough for EC2 and ECR to detect potential security breaches. Links in the others are very useful

Inspector will detect "potential" security issues. Guarddutty is for suspicious traffic

After reading this article I go with D. https://medium.com/aws-architech/use-case-aws-inspector-vs-guardduty-3662bf80767a

D should be better. About "3-tier application", No mentioned that all is belong to EC2 in quesiton. In Logic Tier & Data Tier, its may be the serverless components, such as Lambda/API GW... as belowed link https://docs.aws.amazon.com/whitepapers/latest/serverless-multi-tier-architectures-api-gateway-lambda/three-tier-architecture-overview.html

Vote C. "security vulnerabilities" as meeting the criteria.

Amazon Inspector is an automated vulnerability management service that continually scans Amazon Elastic Compute Cloud (EC2) and container workloads for software vulnerabilities and unintended network exposure. Key word here is "inside the environment " GuardDuty generates a finding whenever it detects unexpected and potentially malicious activity in your AWS environment Answer is D

・three-tier application: all on EC2, ・To identify vulnerabilities so answer is C

WAF & Shield protect from attack so A & B out "to host all components" while inspector only for EC2 so C out it is D WAF protects from attack

Answer D

C - Inspector is for vulnerabilities = security breaches

Guardduty is for Intelligent Threat discovery, that is what we're looking for in this use case

The comment section can somtimes be a real pain in the A$$...why even discuss here, it is obvious that it is C here, Inspector is the thing that should come to mind immediately after looking for detecting vulnerabilities, it is a simple technical question, not a philosophy thesis

AWS Inspector detects vulnerabilities

Amazon Inspector : Automated and continual vulnerability management at scale Amazon GuardDuty : Protect your AWS accounts with intelligent threat detection

https://medium.com/aws-architech/use-case-aws-inspector-vs-guardduty-3662bf80767a D가 맞는것 같네요.