Q74 — AWS DOP-C02 Ch.1


A company wants to ensure its EC2 instances are secure. It wants to detect new vulnerabilities on the instances and receive notifications, and it also wants to audit login activities on the instances.

Correct Answer: D. Configure Amazon Inspector to detect vulnerabilities on EC2 instances. Install the Amazon CloudWatch Agent to capture system logs and publish them via Amazon CloudWatch Logs.

Explanation

Option D is correct because:

Vulnerability detection: Amazon Inspector is purpose-built to automatically assess EC2 instances for security vulnerabilities and produce actionable findings.

Log capture: The Amazon CloudWatch Agent reliably collects system logs—including authentication events—enabling comprehensive audit trails.

Centralized management: CloudWatch Logs provides scalable, searchable, and compliant log storage and analysis, fulfilling both security monitoring and audit requirements.