Answer – A
The AWS Documentation mentions the following.
Performing network security assessments allow you to understand your cloud infrastructure and identify risks, but this process traditionally takes a lot of time and effort. You might need to run network port-scanning tools to test routing and firewall configurations, then validate what processes are listening on your instance network ports before finally mapping the IPs identified in the port scan back to the host’s owner. To make this process simpler for our customers, AWS recently released the Network Reachability rules package in Amazon Inspector, our automated security assessment service that enables you to understand and improve the security and compliance of applications deployed on AWS.
Option C is incorrect since this cannot be used for port scans.
Options B and D are incorrect since these tools cannot be used for port scans.
For more information on port scanning using Inspector, please refer to the below URL
https://aws.amazon.com/blogs/security/amazon-inspector-assess-network-exposure-ec2-instances-aws-network-reachability-assessments/