exam questions

Exam AWS Certified Solutions Architect - Associate SAA-C03 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Associate SAA-C03 exam

Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 315 discussion

A company experienced a breach that affected several applications in its on-premises data center. The attacker took advantage of vulnerabilities in the custom applications that were running on the servers. The company is now migrating its applications to run on Amazon EC2 instances. The company wants to implement a solution that actively scans for vulnerabilities on the EC2 instances and sends a report that details the findings.

Which solution will meet these requirements?

  • A. Deploy AWS Shield to scan the EC2 instances for vulnerabilities. Create an AWS Lambda function to log any findings to AWS CloudTrail.
  • B. Deploy Amazon Macie and AWS Lambda functions to scan the EC2 instances for vulnerabilities. Log any findings to AWS CloudTrail.
  • C. Turn on Amazon GuardDuty. Deploy the GuardDuty agents to the EC2 instances. Configure an AWS Lambda function to automate the generation and distribution of reports that detail the findings.
  • D. Turn on Amazon Inspector. Deploy the Amazon Inspector agent to the EC2 instances. Configure an AWS Lambda function to automate the generation and distribution of reports that detail the findings.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
siyam008
Highly Voted 1 year, 3 months ago
Selected Answer: D
AWS Shield for DDOS Amazon Macie for discover and protect sensitive date Amazon GuardDuty for intelligent thread discovery to protect AWS account Amazon Inspector for automated security assessment. like known Vulnerability
upvoted 56 times
...
benacert
Highly Voted 6 months, 2 weeks ago
Whenever I feel vulnerable, I use AWS Inspector..
upvoted 15 times
...
zinabu
Most Recent 2 months ago
Selected Answer: D
Amazon Inspector for automated security assessment. like known Vulnerability
upvoted 4 times
...
Ruffyit
7 months, 2 weeks ago
AWS Shield for DDOS Amazon Macie for discover and protect sensitive date Amazon GuardDuty for intelligent thread discovery to protect AWS account Amazon Inspector for automated security assessment. like known Vulnerability
upvoted 5 times
...
TariqKipkemei
8 months, 2 weeks ago
Selected Answer: D
vulnerabilities = Amazon Inspector malicious activity = Amazon GuardDuty
upvoted 10 times
...
Guru4Cloud
9 months, 3 weeks ago
Selected Answer: D
Enable Amazon Inspector Deploy Inspector agents to EC2 instances Use Lambda to generate and distribute vulnerability reports The key points: Migrate on-prem apps with vulnerabilities to EC2 Need active scanning of EC2 instances for vulnerabilities Require reports on findings
upvoted 4 times
...
kruasan
1 year, 1 month ago
Selected Answer: D
Amazon Inspector: • Performs active vulnerability scans of EC2 instances. It looks for software vulnerabilities, unintended network accessibility, and other security issues. • Requires installing an agent on EC2 instances to perform scans. The agent must be deployed to each instance. • Provides scheduled scan reports detailing any findings of security risks or vulnerabilities. These reports can be used to patch or remediate issues. • Is best suited for proactively detecting security weaknesses and misconfigurations in your AWS environment.
upvoted 4 times
kruasan
1 year, 1 month ago
Amazon GuardDuty: • Monitors for malicious activity like unusual API calls, unauthorized infrastructure deployments, or compromised EC2 instances. It uses machine learning and behavioral analysis of logs. • Does not require installing any agents. It relies on analyzing AWS CloudTrail, VPC Flow Logs, and DNS logs. • Alerts you to any detected threats, suspicious activity or policy violations in your AWS accounts. These alerts warrant investigation but may not always require remediation. • Is focused on detecting active threats, unauthorized behavior, and signs of a compromise in your AWS environment. • Can also detect some vulnerabilities and misconfigurations but coverage is not as broad as a dedicated service like Inspector.
upvoted 7 times
...
...
datz
1 year, 3 months ago
Selected Answer: D
Amazon Inspector is a vulnerability scanning tool that you can use to identify potential security issues within your EC2 instances. It is a kind of automated security assessment service that checks the network exposure of your EC2 or latest security state for applications running into your EC2 instance. It has ability to auto discover your AWS workload and continuously scan for the open loophole or vulnerability.
upvoted 2 times
...
shanwford
1 year, 3 months ago
Selected Answer: D
Amazon Inspector is a vulnerability scanning tool that you can use to identify potential security issues within your EC2 instances. Guard Duty continuously monitors your entire AWS account via Cloud Trail, Flow Logs, DNS Logs as Input.
upvoted 2 times
...
GalileoEC2
1 year, 3 months ago
Selected Answer: C
:) C is the correct https://cloudkatha.com/amazon-guardduty-vs-inspector-which-one-should-you-use/
upvoted 1 times
jayantp04
6 months, 1 week ago
Document itself saying that Amazon Inspector is a vulnerability scanning tool hence correct Answer is D
upvoted 2 times
...
MssP
1 year, 2 months ago
Please, read the link you sent: Amazon Inspector is a vulnerability scanning tool that you can use to identify potential security issues within your EC2 instances. GuardDuty is very critical part to identify threats, based on that findings you can setup automated preventive actions or remediation’s. So Answer is D.
upvoted 2 times
...
...
GalileoEC2
1 year, 3 months ago
Selected Answer: C
https://cloudkatha.com/amazon-guardduty-vs-inspector-which-one-should-you-use/
upvoted 1 times
...
LuckyAro
1 year, 4 months ago
Selected Answer: D
Amazon Inspector is a security assessment service that helps to identify security vulnerabilities and compliance issues in applications deployed on Amazon EC2 instances. It can be used to assess the security of applications that are deployed on Amazon EC2 instances, including those that are custom-built. To use Amazon Inspector, the Amazon Inspector agent must be installed on the EC2 instances that need to be assessed. The agent collects data about the instances and sends it to Amazon Inspector for analysis. Amazon Inspector then generates a report that details any security vulnerabilities that were found and provides guidance on how to remediate them. By configuring an AWS Lambda function, the company can automate the generation and distribution of reports that detail the findings. This means that reports can be generated and distributed as soon as vulnerabilities are detected, allowing the company to take action quickly.
upvoted 2 times
...
pbpally
1 year, 4 months ago
Selected Answer: D
I'm a little confused on how someone came up with C, it is definitely D.
upvoted 2 times
...
obatunde
1 year, 4 months ago
Selected Answer: D
Amazon Inspector
upvoted 3 times
obatunde
1 year, 4 months ago
Amazon Inspector is an automated vulnerability management service that continually scans AWS workloads for software vulnerabilities and unintended network exposure. https://aws.amazon.com/inspector/features/?nc=sn&loc=2
upvoted 4 times
...
...
Palanda
1 year, 4 months ago
Selected Answer: D
I think D
upvoted 1 times
...
minglu
1 year, 4 months ago
Selected Answer: D
Inspector for EC2
upvoted 1 times
...
skiwili
1 year, 4 months ago
Selected Answer: D
Ddddddd
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago