Which solution will meet these requirements?
Use AWS Systems Manager to detect vulnerabilities on the EC2 instances. Install the Amazon Kinesis Agent to capture system logs and deliver them to Amazon S3.
Use AWS Systems Manager to detect vulnerabilities on the EC2 instances. Install the Systems Manager Agent to capture system logs and view login activity in the CloudTrail console.
Configure Amazon CloudWatch to detect vulnerabilities on the EC2 instances. Install the AWS Config daemon to capture system logs and view them in the AWS Config console.
Configure Amazon Inspector to detect vulnerabilities on the EC2 instances. Install the Amazon CloudWatch Agent to capture system logs and record them via Amazon CloudWatch Logs.
Explanations:
AWS Systems Manager does not directly detect vulnerabilities; it focuses on managing configurations and automating tasks. The Kinesis Agent is not suitable for capturing system logs in this context, and it doesn’t help with vulnerability scanning.
AWS Systems Manager does not perform vulnerability scanning. The Systems Manager Agent captures system logs, but it doesn’t provide detailed information about vulnerabilities or login activities.
Amazon CloudWatch does not detect vulnerabilities. AWS Config is for configuration tracking, not system log capture or vulnerability detection. This combination doesn’t meet the requirements.
Amazon Inspector is a vulnerability management service that can detect vulnerabilities on EC2 instances. The CloudWatch Agent is designed to capture and deliver system logs, which can then be analyzed via CloudWatch Logs, helping with auditing login activity.
I plot that the answer is:
Configure Amazon Inspector to detect vulnerabilities on the EC2 instances. Install the Amazon CloudWatch Agent to capture system logs and record them via Amazon CloudWatch Logs.