The security team would like to improve its infrastructure security. They would like to verify whether the EC2 instances in your AWS accounts are exposed to common vulnerabilities and exposures (CVEs). What service can the team use to ensure compliance with this requirement?

Answer options:

A.Run Amazon Inspector assessment using the common vulnerabilities and exposures rule package.
B.Configure Amazon GuardDuty threat detection analysis to target EC2 instances.
C.Configure Amazon Trusted Advisor Security report to target EC2 instances.
D.Execute Amazon Systems Manager Run Command AWS-LinuxDisableSpecialServices document.

Answer: A
Option A is CORRECT because Amazon Inspector can utilize AWS agents installed on EC2 instance hosts to run rules packages, including common vulnerabilities and exposures. The rule package can verify if EC2 instances are exposed to CVEs.
Option B is incorrect because GuardDuty analyses event log data to perform threat level analysis. It does not perform host-level checks.
Option C is incorrect because Trusted Advisor security checks do not perform any EC2 instance host-level checks.
Option D is incorrect because there is no AWS-LinuxDisableSpecialServices run command document.
Reference:
https://docs.aws.amazon.com/inspector/latest/userguide/inspector_cves.html