In order to improve the security of applications deployed on your company’s AWS platform, you are configuring AWS Inspector to continually assess EC2 instances (both Linux and Windows) to see if there are security related vulnerabilities and then get the potential issues fixed in time.

Answer options:

A.The security group in the EC2 instances should allow SSH port 22.
B.All EC2 instances need to have the AWS Systems Manager (SSM) Agent installed.
C.All EC2 instances should have AWS CLI commands preinstalled.
D.The EC2 instances need to configure an IAM role to have the AWS Inspector full access.
E.The EC2 instances should have a role to allow SSM Run Command.

Correct Answer – B, E
Amazon Inspector is an AWS tool to perform security assessments of Amazon EC2 instances using AWS managed rules packages. Refer to https://aws.amazon.com/inspector/ for its details.
In order for AWS Inspector to work properly, the AWS Inspector agents need to be installed first. The “Install Agents” option can also be selected so that the agents are installed automatically as below:
Option A is incorrect: Because there is no security group requirement to generate the Inspector assessment report.
Option B is CORRECT: Because SSM Agent is used to install the Inspector Agent so that this option is a must.
Option C is incorrect: Because AWS CLI is not a necessary option.
Option D is incorrect: Although this option provides the Amazon Inspector access for EC2, it does not help Inspector agent installation in the EC2 instance itself. 
Option E is CORRECT: Because SSM Agent needs to execute "Run Command" to install the Amazon Inspector agent. So the instance role needs the permission to allow SSM Run Command.