Microsoft Certified: Identity and Access Administrator (SC-300) 2025 – 400 Free Practice Questions to Pass the Exam

The correct answer is Amazon Inspector, as it is specifically designed to automate the detection of vulnerabilities in AWS resources. Amazon Inspector performs security assessments on applications deployed in AWS. It evaluates the security state of your AWS resources by scanning for vulnerabilities, providing detailed findings, and suggesting remediation steps. This service focuses on identifying potential security issues in various environments, including EC2 instances and container images, making it an essential tool in maintaining the security posture of your applications.

In contrast, other services have different primary functions. Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior instead of specifically detecting vulnerabilities. AWS Shield is a managed DDoS protection service that safeguards applications against distributed denial-of-service attacks, not vulnerability detection. AWS Config provides a service that enables you to assess, audit, and evaluate the configurations of your AWS resources but does not focus solely on identifying vulnerabilities. By understanding these distinctions, it's clear why Amazon Inspector is the appropriate choice for automating the detection of vulnerabilities in AWS resources.