AWS Inspector vs AWS Trusted Advisor

Question 1

What is AWS Inspector?

Answer 1

An automated security assessment service that helps improve security and compliance of applications deployed on AWS.

Question 2

After performing an assessment, what will AWS Inspector provide?

Answer 2

A detailed list of security findings prioritized by level of severity.

Question 3

How can AWS Inspector findings be reviewed?

Answer 3

Directly after an assessment, or as part of detailed assessment reports.

Question 4

How can you reach AWS Inspector’s detailed assessment reports?

Answer 4

Either through the Inspector console or via API.

Question 5

What are the steps in running an Inspector assessment?

Answer 5

1. Create an assessment target
2. Install agents on the EC2 instances
3. Create an Assessment template
4. Perform the assessment run
5. Review the findings against the rules.

Question 6

Under what menu can you find Inspector?

Answer 6

Security, Identity & Compliance

Question 7

Under what menu can you find Trusted Advisor?

Answer 7

Management Tools

Question 8

For the exam, what is an easy way to distinguish against questions that are relevant to Inspector vs Trusted Advisor?

Answer 8

If the question is around security reporting, it’s most likely about AWS Inspector. If it’s about management (cost savings, etc) it’s Trusted Advisor.

Question 9

True or False: For security reasons, inpsector has access to all of your resource by default to complete assessments?

Answer 9

False. It’s the resources that require an inspector role.

Question 10

what policy ‘action’ does AWS Inspector need to complete assessments?

Answer 10

ec2:DescribeInstances

Question 11

Similar to Systems Manager, you can run inspections either by manual selection, or through tagging.

Answer 11

False. Inspector requires tagging.

Question 12

True or false, Inspector is an agentless service?

Answer 12

False: It requires an agent installed on each instance to be reviewed.

Question 13

The easiest way to install the agent on a fleet of EC2 instances is by logging into each instance and running the install CLI command?

Answer 13

False: Use Systems Manager Run Commands.

Question 14

What are the 4 rules packages you can run in AWS Inspector?

Answer 14

1. Security Best Practices
2. Runtime Behavior Analysis
3. Common Vulnerabilities and Exposures
4. CIS Operating System Security Configuration Benchmark

Question 15

Instead of running an assessment against a production instance, what other method might you consider?

Answer 15

Create an AMI of the instance, deploy it in another AZ and run the assessment there.

Question 16

What is the main benefit of running an assessment on a clone of your production environments?

Answer 16

Reduced strain on resources

Question 17

True or false, each assessment takes one hour to complete?

Answer 17

False: You can choose the assessment length.

Question 18

What assessment length options can you choose?

Answer 18

15 minutes
1 hour
8 hours
12 hours
24 hours

Question 19

True or False: The assessment length is tied specifically to a rule?

Answer 19

False. 1 hours is the generic minimum recommendation. However if you’re running multiple rules, you should choose additional time, up to 24 hours for all the rules.

Question 20

What is Trusted Advisor?

Answer 20

An online resource to help you reduce cost, increase performance, and improve security through environment optimization.

Question 21

What 4 areas will trusted advisor advise you on?

Answer 21

Cost optimization
Performace
Security
Fault Tolerance

Question 22

True or False: Trusted Advisor is more targeted towards business and enterprise customers?

Answer 22

True: While Basic Trusted Advisor will provide some guidance, to get full use you must be a business or enterprise customer.

Question 23

Since trusted advisor and Inspector both offer security related guidance, how can you distinguish between questions geared towards TA, vs Inspector?

Answer 23

For security, trusted advisor will give you advice on your environment such as security groups, and MFA. Inspector will giv detailed reports on your EC2 instances themselves and provide comprehensive details about software versions, applications, etc.

Question 24

What are the severity levels of AWS Inspector reports?

Answer 24

High
Medium
Low
Informational

Question 25

What does the inspector agent monitor?

Answer 25

The network, file system, and process activity

Question 26

What does Inspector compare?

Answer 26

What is sees against the security rules defined in the assessment.