A Telecom Company has implemented a large number of mobile VAS services on EC2 instances in the US-East region. These are accessed by mobile subscribers globally for add-on services. These are critical applications that can impact huge financial loss if any service is compromised. Each of these applications is procured from different vendors. Security Audit Team requires to perform application vulnerability scrutiny on these EC2 servers to determine any security loopholes. Which of the following AWS services can be used to assess the vulnerability of applications installed on Amazon EC2 instance with the least cost & effort?

Answer options:

A.Use Amazon Inspector to assess the vulnerability of installed applications on an EC2 instance.
B.Use Amazon Macie to assess the vulnerability of installed applications on EC2.
C.Use Amazon GuardDuty to assess the vulnerability of installed applications on EC2.
D.Use Third-party security agents on Amazon EC2 instance to assess the vulnerability of installed applications.

Correct Answer – A
Amazon Inspector can be used to test application vulnerability & check security compliance for applications on Amazon EC2 instance.
Option B is incorrect as Amazon Macie can be used to detect sensitive data in Amazon S3 & not for assessing vulnerabilities on Amazon EC2 instance.
Option C is incorrect as Amazon GuardDuty can detect malicious IP address assessing applications using AWS CloudTrail, VPC Flow Logs, and DNS Logs.
Option D is incorrect as third-party security agents will incur additional costs.
For more information on using Amazon Inspector, refer to the following URL
https://docs.aws.amazon.com/inspector/latest/userguide/inspector_introduction.html