Amazon Inspector Usage
Question
To protect applications against security attacks and monitor the security state of AWS resources, you plan to configure several security tools in your AWS account, including Amazon Inspector and Amazon GuardDuty.
There are multiple requirements from the security team.
For which of the following requirements should Amazon Inspector be used?
Answers
Explanations
Click on the arrows to vote for the correct answer
A. B. C. D.Correct Answer: A.
Option A is CORRECT because, in Amazon Inspector, users can include the Common Vulnerabilities and Exposures package in an assessment template:
Option B is incorrect because this belongs to an EC2 finding type in GuardDuty.
Please check for details.
Option C is incorrect because “VPC Flow Logs” is one of the data sources that GuardDuty uses to evaluate the EC2 security status.
This option belongs to the “UnauthorizedAccess:EC2/RDPBruteForce” finding type in GuardDuty.
Option D is incorrect because using GuardDuty, you can add trusted IP lists to stop alerts for these IPs, not with Amazon Inspector.
References:
https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#cryptocurrency-ec2-bitcointoolb https://docs.aws.amazon.com/inspector/latest/userguide/inspector_cves.html, https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html
Amazon Inspector is a security assessment service that helps you identify security issues and vulnerabilities within your AWS resources. It analyzes your Amazon EC2 instances and other AWS resources and provides recommendations on how to improve your security posture. It is used to meet compliance requirements and is best suited for identifying CVEs on EC2 instances.
Option A is correct. Amazon Inspector should be used to verify whether EC2 instances in the AWS environment are exposed to common vulnerabilities and exposures (CVEs). It is designed to identify security vulnerabilities, deviations from security best practices, and potential security issues. It has a library of rules packages that can be used to assess the security configuration of your EC2 instances, including the presence of CVEs. Amazon Inspector provides actionable recommendations on how to mitigate the identified issues, and it can be integrated with other AWS services to automate the remediation process.
Option B is not correct. Amazon Inspector is not designed to detect or alert the team if an EC2 instance is querying an IP address that is associated with Bitcoin activities. To detect this, you should use a threat intelligence solution that can identify IP addresses that are associated with Bitcoin activities and alert the team accordingly.
Option C is not correct. While Amazon Inspector can be integrated with VPC flow logs to analyze network traffic patterns and identify potential security issues, it is not designed to check if an EC2 instance has been involved in RDP brute force attacks based on VPC flow logs. For this, you should use a log analysis tool that can analyze the VPC flow logs and detect patterns associated with RDP brute force attacks.
Option D is not correct. Amazon Inspector is designed to identify security issues and vulnerabilities, and it does not verify trusted IP lists for secure communication within AWS infrastructure. To achieve this, you should use AWS security groups, network ACLs, and other security mechanisms to control access to your AWS resources based on trusted IP lists.