ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
Your company operates 150 Amazon EC2 instances spread across several AWS accounts that are all part of one AWS Organization. Policy mandates that every new instance must be discovered automatically and scanned for operating-system and application vulnerabilities within 24 hours, and that all findings be consolidated in a central security account with as little manual effort as possible. Which solution BEST satisfies these requirements while maintaining an accurate asset inventory?
Enable Amazon Inspector across the AWS Organization, designate the security account as the delegated administrator, and rely on its continuous EC2 scanning and inventory integration.
Create AWS Config rules that check each instance for required tags and IAM role compliance, then export rule evaluation reports to the security account.
Activate AWS GuardDuty in every account and forward all threat detection findings to the security account for centralized review.
Install a third-party vulnerability scanner on each instance via user data, schedule weekly cron jobs, and email the CSV results to the security team.
Enabling Amazon Inspector across the Organization allows continuous, automated discovery of new EC2 instances through its integration with AWS Systems Manager inventory. Inspector runs vulnerability scans without requiring agents to be managed manually and automatically sends consolidated findings to the designated delegated-admin (security) account, meeting the 24-hour window and minimizing operational overhead.
A third-party scanner deployed via cron provides scanning but does not automatically discover new instances or centralize findings without additional scripting and administration. GuardDuty focuses on threat detection from log sources such as VPC Flow Logs and CloudTrail; it does not perform CVE-based vulnerability assessments. AWS Config rules monitor configuration compliance, not software vulnerabilities, so they cannot meet the scanning requirement.
Security Concepts and Practices