Which solution will meet these requirements?

By:
On:
In: SAA-C03
Tagged:
With: 0 Comments
A company experienced a breach that affected several applications in its on-premises data center.The attacker took advantage of vulnerabilities in the custom applications that were running on the servers.The company is now migrating its applications to run on Amazon EC2 instances.The company wants to implement a solution that actively scans for vulnerabilities on the EC2 instances and sends a report that details the findings.

Which solution will meet these requirements?

Deploy AWS Shield to scan the EC2 instances for vulnerabilities. Create an AWS Lambda function to log any findings to AWS CloudTrail.

Deploy Amazon Macie and AWS Lambda functions to scan the EC2 instances for vulnerabilities. Log any findings to AWS CloudTrail.

Turn on Amazon GuardDuty. Deploy the GuardDuty agents to the EC2 instances. Configure an AWS Lambda function to automate the generation and distribution of reports that detail the findings.

Turn on Amazon Inspector. Deploy the Amazon Inspector agent to the EC2 instances. Configure an AWS Lambda function to automate the generation and distribution of reports that detail the findings.

Explanations:

AWS Shield is designed for DDoS protection, not vulnerability scanning. It does not meet the requirement of actively scanning EC2 instances for vulnerabilities.

Amazon Macie is primarily for data privacy and security, not vulnerability scanning of EC2 instances. It does not fulfill the requirement.

Amazon GuardDuty is for threat detection, not vulnerability scanning. It cannot actively scan EC2 instances for vulnerabilities or generate detailed reports.

Amazon Inspector is a service designed specifically for vulnerability scanning on EC2 instances. It can generate reports on findings and integrate with Lambda for automation.

Leave a Reply

Your email address will not be published. Required fields are marked *

one + twenty =