ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
A development team runs a fleet of Amazon EC2 instances in an Auto Scaling group. A new compliance mandate requires a weekly, authenticated operating-system vulnerability assessment that produces a report with CVSS scores and recommended remediations. The solution must minimize manual effort and integrate natively with other AWS security services for alerting. Which approach most effectively satisfies these requirements?
Schedule AWS Systems Manager Patch Manager to install all missing patches weekly and use its compliance dashboard as the required assessment.
Activate Amazon Inspector, ensure the AWS Systems Manager agent is installed on the instances, and review the automatically generated vulnerability findings each week.
Create an AWS Config managed rule to check patch compliance daily and export the rule evaluations as the vulnerability report.
Enable Amazon GuardDuty to analyze VPC Flow Logs and AWS CloudTrail events for potential threats on a weekly schedule.
Amazon Inspector is an AWS managed service that continuously and on-demand scans EC2 instances (using the installed Systems Manager agent) for known Common Vulnerabilities and Exposures. It generates detailed findings that include CVSS-based severity ratings and recommended remediation steps, and the results can be routed to AWS Security Hub or EventBridge for alerting-meeting the mandate with minimal operational overhead.
Amazon GuardDuty focuses on threat detection from log data and does not perform authenticated vulnerability scans. AWS Config patch-compliance rules and Systems Manager Patch Manager help track or deploy patches but do not generate CVSS-scored vulnerability reports. Therefore, enabling Amazon Inspector is the only option that fully addresses the stated compliance needs.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
How does Amazon Inspector perform vulnerability assessments?
Open an interactive chat with Bash
What is a CVSS score and why is it important?
Open an interactive chat with Bash
How does Amazon Inspector integrate with other AWS security services?
Open an interactive chat with Bash
ISC2 Systems Security Certified Practitioner (SSCP)
Risk Identification, Monitoring and Analysis
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .