Amazon Inspector is a vulnerability management service that continuously scans AWS workloads for software vulnerabilities and unintended network exposure.
Inspector automatically discovers and scans EC2 instances and container images stored in Elastic Container Registry (ECR) for software vulnerabilities and unintended network exposure.
When a software vulnerability or network issue is discovered, Inspector creates a finding that describes the vulnerability, rates its severity, identifies the affected resource, and provides remediation guidance.
Inspector is a Regional service and must be enabled in each Region where workloads are to be scanned.
Agent-based EC2 scanning relies on the Systems Manager (SSM) agent to collect the installed-package inventory, so the agent must be installed and running and the instance must be an SSM managed instance (it needs an instance profile with SSM permissions); an instance that SSM cannot manage is reported as not covered rather than scanned.
Amazon Inspector Features
Continuously scan environments for vulnerabilities and network exposure
Inspector automatically discovers and begins scanning eligible resources without the need to manually schedule or configure assessment scans.
Assess vulnerabilities accurately with the Amazon Inspector risk score
Because Inspector collects context about the environment during its scans (for example, whether the vulnerable instance is reachable from the internet), it adjusts the generic CVSS base score into an Inspector score tailored to that environment, so the same CVE can be rated differently on an exposed instance and on an isolated one.
Identify high-impact findings with the Amazon Inspector dashboard
The Amazon Inspector dashboard offers a high-level view of findings from across your environment.
Manage your findings using customisable views
The Inspector console offers a Findings view.
Filters narrow the findings by attributes such as severity, finding type, resource, or CVE, and suppression rules use the same filter criteria to hide findings that match them (for example, an accepted risk) from the views and from customised finding reports.
Monitor and process findings with other services and systems
Inspector publishes findings to
EventBridge (and to AWS Security Hub when it is enabled), where they can be monitored and processed in near real time as part of existing security and compliance workflows or routed to SNS, Lambda, etc.
Inspector Finding Types
Package vulnerability findings identify software packages in the environment that are affected by known Common Vulnerabilities and Exposures (CVEs); each one names the vulnerable package and version and, where available, the version that fixes it.
Package vulnerability findings are generated for both EC2 instances and ECR container images.
Network reachability findings indicate that there are allowed network paths (for example, from an internet gateway through a security group) to open ports on EC2 instances in your environment; each one lists the protocol, the open port range, and the path.
Network reachability findings are only generated for EC2 resources.
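The following is an added example, not code from the original page or from AWS, that ties together the EventBridge integration and the two finding types described above. It assumes the "Inspector2 Finding" event shape emitted by the aws.inspector2 source, in which `detail` carries the finding (severity, type, resources, and either packageVulnerabilityDetails or networkReachabilityDetails). The event pattern, the `inspector:accepted-risk` tag (a hypothetical stand-in for a suppression rule), the `ALERT_TOPIC_ARN` variable, and the sample events are all constructed for illustration.

```python
"""Triage Amazon Inspector findings delivered through EventBridge (added example).

Assumes the "Inspector2 Finding" event shape: event["detail"] is the finding with
severity, type, resources, and packageVulnerabilityDetails or
networkReachabilityDetails. Tag name, topic variable and samples are assumptions.
"""
import json
import os

# EventBridge rule pattern (as a dict) that only matches HIGH/CRITICAL findings
# of the two types discussed above; the same dict would be the rule's event pattern.
EVENT_PATTERN = {
    "source": ["aws.inspector2"],
    "detail-type": ["Inspector2 Finding"],
    "detail": {
        "severity": ["HIGH", "CRITICAL"],
        "type": ["PACKAGE_VULNERABILITY", "NETWORK_REACHABILITY"],
    },
}
SUPPRESS_TAG = "inspector:accepted-risk"  # hypothetical tag marking accepted exposure
SEVERITY_RANK = {"INFORMATIONAL": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}


def matches_pattern(event, pattern=EVENT_PATTERN):
    """Minimal EventBridge matcher: each pattern key must be present and its value
    must be one of the listed alternatives; nested dicts recurse."""
    for key, allowed in pattern.items():
        if key not in event:
            return False
        if isinstance(allowed, dict):
            if not isinstance(event[key], dict) or not matches_pattern(event[key], allowed):
                return False
        elif event[key] not in allowed:
            return False
    return True


def summarize(finding):
    """Extract the remediation-relevant facts, which differ per finding type."""
    if finding["type"] == "PACKAGE_VULNERABILITY":
        pv = finding["packageVulnerabilityDetails"]
        pkgs = [f"{p['name']} {p['version']} -> fix {p.get('fixedInVersion') or 'none yet'}"
                for p in pv["vulnerablePackages"]]
        return {"cve": pv["vulnerabilityId"], "packages": pkgs}
    if finding["type"] == "NETWORK_REACHABILITY":
        nr = finding["networkReachabilityDetails"]
        lo, hi = nr["openPortRange"]["begin"], nr["openPortRange"]["end"]
        return {"protocol": nr["protocol"], "ports": str(lo) if lo == hi else f"{lo}-{hi}",
                "path": [s["componentId"] for s in nr["networkPath"]["steps"]]}
    return {}


def triage(event, min_severity="HIGH"):
    """Return an alert dict for a finding worth paging on, or None."""
    if not matches_pattern(event):
        return None
    f = event["detail"]
    if SEVERITY_RANK.get(f["severity"], 0) < SEVERITY_RANK[min_severity]:
        return None
    resource = f["resources"][0]
    if SUPPRESS_TAG in (resource.get("tags") or {}):
        return None  # accepted risk; the console equivalent is a suppression rule
    return {"severity": f["severity"], "type": f["type"], "resource": resource["id"],
            "score": f.get("inspectorScore"), "title": f["title"], "details": summarize(f)}


def handler(event, context=None):
    """Lambda entry point: publishes to SNS only when a topic ARN is configured."""
    alert = triage(event)
    if alert and os.environ.get("ALERT_TOPIC_ARN"):
        import boto3  # imported lazily so the module runs offline
        boto3.client("sns").publish(TopicArn=os.environ["ALERT_TOPIC_ARN"],
                                    Subject=f"[{alert['severity']}] {alert['title']}"[:100],
                                    Message=json.dumps(alert, indent=2))
    return alert


# Constructed sample events (not real findings); CVE-2021-44228 is used for realism.
PACKAGE_EVENT = {"source": "aws.inspector2", "detail-type": "Inspector2 Finding", "detail": {
    "severity": "CRITICAL", "type": "PACKAGE_VULNERABILITY", "inspectorScore": 9.8,
    "title": "CVE-2021-44228 - log4j-core",
    "resources": [{"type": "AWS_EC2_INSTANCE", "id": "i-0123456789abcdef0", "tags": {"Name": "web-1"}}],
    "packageVulnerabilityDetails": {"vulnerabilityId": "CVE-2021-44228", "vulnerablePackages": [
        {"name": "log4j-core", "version": "2.14.1", "fixedInVersion": "2.15.0"}]}}}
NETWORK_EVENT = {"source": "aws.inspector2", "detail-type": "Inspector2 Finding", "detail": {
    "severity": "HIGH", "type": "NETWORK_REACHABILITY", "inspectorScore": 7.0,
    "title": "Port 22 is reachable from an Internet Gateway",
    "resources": [{"type": "AWS_EC2_INSTANCE", "id": "i-0abcdef1234567890", "tags": {"Name": "db-1"}}],
    "networkReachabilityDetails": {"protocol": "TCP", "openPortRange": {"begin": 22, "end": 22},
        "networkPath": {"steps": [{"componentId": "igw-0a1b2c3d", "componentType": "AWS::EC2::InternetGateway"},
                                  {"componentId": "sg-0a1b2c3d", "componentType": "AWS::EC2::SecurityGroup"},
                                  {"componentId": "i-0abcdef1234567890", "componentType": "AWS::EC2::Instance"}]}}}}
BASTION_EVENT = json.loads(json.dumps(NETWORK_EVENT))  # same exposure on a tagged bastion host
BASTION_EVENT["detail"]["resources"][0]["tags"] = {"Name": "bastion", SUPPRESS_TAG: "ssh-from-internet"}

if __name__ == "__main__":
    for ev in (PACKAGE_EVENT, NETWORK_EVENT, BASTION_EVENT):
        print(json.dumps(handler(ev), indent=2))
```

Run stand-alone, the script prints the triaged Log4Shell finding and the exposed SSH port on db-1, and `null` for the bastion host whose exposure is marked accepted. The pattern check is kept in code so the same dict can be unit-tested before it is pasted into the EventBridge rule; doing the severity cut in the rule (rather than only in the function) means Lambda is not invoked for the bulk of LOW/MEDIUM findings at all.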
AWS Certification Exam Practice Questions
Questions are collected from the Internet and the answers are marked as per my knowledge and understanding (which might differ from yours).
AWS services are updated every day, and both the answers and questions might be outdated soon, so research accordingly.
AWS exam questions are not updated to keep pace with AWS updates, so even if the underlying feature has changed, the question might not be updated.
Open to further feedback, discussion and correction.
Which of the following services allows you to analyze EC2 Instances against pre-defined security templates to check for vulnerabilities?
AWS Trusted Advisor
Your company has a set of AWS resources consisting of EC2 instances. The security department needs to run vulnerability analysis on these machines to ensure that the instances comply with the latest security standards. Which of the following would you implement for this requirement?