The security engineer is managing a traditional three-tier web application that is running on Amazon EC2 instances. The application has become the target of increasing numbers of malicious attacks from the internet.
What steps should the security engineer take to check for known vulnerabilities and limit the attack surface? (Choose two.)
To check for known vulnerabilities, the security engineer should use Amazon Inspector, which is designed to periodically scan instances for vulnerabilities and compliance. To limit the attack surface, the engineer should review the application security groups to ensure that only the necessary ports are open, thereby minimizing the potential entry points for attacks.
Security groups for reducing the attack surface, Amazon Inspector to scan for and mitigate known vulnerabilities
correct
B D. Moderator, please correct the default answers
B and D , self-explanatory..
Security group and inspector is good answer