Performing Security Vulnerability Scan for EC2 Instances - AWS Certified SysOps Administrator Exam SOA-C02

Scan for Security Vulnerabilities - CIS Benchmarks for EC2 Instances

Question

A company has a set of EC2 Instances hosted in a VPC.

There is a requirement to perform a scan to see if there are any security vulnerabilities.

The check needs to be done as per the industry standard “Center for Internet Security (CIS) Benchmarks”.

Which of the following can help you achieve this requirement?

Explanations


Correct Answer: B.

The following are the rules packages available in Amazon Inspector.

· Common Vulnerabilities and Exposures.

· Center for Internet Security (CIS) Benchmarks.

· Security Best Practices.

· Runtime Behavior Analysis.

Hence, you can use the AWS Inspector service with the CIS Benchmarks rules package to scan the instances for vulnerabilities.

Option A is incorrect since that service only provides recommendations.

Option C is incorrect since that is a configuration-tracking service.

Option D is incorrect since that is a managed threat detection service.

For more information on AWS Inspector, please refer to the URL below:

https://docs.aws.amazon.com/inspector/latest/userguide/inspector_rule-packages.html

To perform a security scan for EC2 instances as per the "Center for Internet Security (CIS) Benchmarks," the recommended service is AWS Inspector.

AWS Inspector is a security assessment service that helps to improve the security and compliance of applications deployed on AWS. It provides automated security assessments of applications deployed on Amazon EC2 instances. AWS Inspector checks for common vulnerabilities such as insecure network protocols, remote code execution, and authentication and authorization issues, among others.

The CIS Benchmarks are widely accepted as the industry standard for best practices in security configuration. AWS Inspector supports CIS Benchmark assessments for various operating systems, including Amazon Linux, Ubuntu, and Microsoft Windows Server.

To use AWS Inspector, you need to install the AWS Inspector agent on your EC2 instances, which collects data about your instances' configuration, network traffic, and application data. AWS Inspector analyzes this data and generates a report that includes a list of security findings with recommendations for remediation.
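The workflow this paragraph describes, as an added example that is not code from the original page: select the CIS Benchmarks rules package, assess the tagged instances (which must already have the Inspector agent installed), and triage the resulting findings by severity through the boto3 `inspector` (Inspector Classic) client. The tag key and value, the target and template names, the one-hour duration and the region are assumptions; the rules package is matched by name because package ARNs differ per region.

```python
"""Run an Amazon Inspector (Classic) assessment with the CIS Benchmarks rules package and triage findings."""
import time

# Inspector Classic finding severities, most severe first
SEVERITY_ORDER = {"High": 0, "Medium": 1, "Low": 2, "Informational": 3}
# Assessment run states after which no more data or findings will arrive
FINISHED = {"COMPLETED", "COMPLETED_WITH_ERRORS", "FAILED", "ERROR", "CANCELED"}


def pick_cis_package(rules_packages):
    """Return the ARN of the CIS Benchmarks package from describe_rules_packages()['rulesPackages']."""
    for pkg in rules_packages:
        if "CIS" in pkg["name"]:
            return pkg["arn"]
    raise LookupError("no CIS Benchmarks rules package offered in this region")


def triage(findings, min_severity="Medium"):
    """Keep findings at or above min_severity, most severe first: (severity, hostname, title, recommendation)."""
    cutoff = SEVERITY_ORDER[min_severity]
    kept = sorted((f for f in findings if SEVERITY_ORDER[f["severity"]] <= cutoff),
                  key=lambda f: SEVERITY_ORDER[f["severity"]])
    return [(f["severity"], f["assetAttributes"]["hostname"], f["title"], f["recommendation"]) for f in kept]


def run_cis_assessment(tag_key="Environment", tag_value="prod", duration=3600, region="us-east-1"):
    """Assess EC2 instances tagged tag_key=tag_value (assumed values) and return their raw findings."""
    import boto3  # imported here so the pure helpers above run without AWS credentials
    insp = boto3.client("inspector", region_name=region)
    arns = insp.list_rules_packages()["rulesPackageArns"]
    cis_arn = pick_cis_package(insp.describe_rules_packages(rulesPackageArns=arns)["rulesPackages"])
    group = insp.create_resource_group(resourceGroupTags=[{"key": tag_key, "value": tag_value}])
    target = insp.create_assessment_target(assessmentTargetName="cis-target",
                                           resourceGroupArn=group["resourceGroupArn"])
    template = insp.create_assessment_template(assessmentTargetArn=target["assessmentTargetArn"],
                                               assessmentTemplateName="cis-template",
                                               durationInSeconds=duration, rulesPackageArns=[cis_arn])
    run_arn = insp.start_assessment_run(assessmentTemplateArn=template["assessmentTemplateArn"])["assessmentRunArn"]
    while True:  # the agent collects data for `duration` seconds, then Inspector evaluates the rules
        state = insp.describe_assessment_runs(assessmentRunArns=[run_arn])["assessmentRuns"][0]["state"]
        if state in FINISHED:
            break
        time.sleep(60)
    finding_arns = insp.list_findings(assessmentRunArns=[run_arn], maxResults=500)["findingArns"]  # first page
    findings = []
    for i in range(0, len(finding_arns), 10):  # DescribeFindings accepts at most 10 ARNs per call
        findings += insp.describe_findings(findingArns=finding_arns[i:i + 10])["findings"]
    return findings


if __name__ == "__main__":
    for severity, host, title, fix in triage(run_cis_assessment()):
        print(f"[{severity}] {host}: {title}\n    -> {fix}")
```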

AWS Trusted Advisor, AWS Config, and AWS GuardDuty are also valuable services for maintaining security and compliance on AWS, but they are not specifically designed for security assessments as per the CIS Benchmarks. AWS Trusted Advisor provides recommendations for optimizing your AWS infrastructure, AWS Config monitors resource inventory and configuration changes, and AWS GuardDuty detects and alerts on potential security threats in real time.

In summary, to perform a security scan for EC2 instances as per the CIS Benchmarks, you should use AWS Inspector.