Which TWO combinations of AWS security service and its primary role are correct? (Choose TWO.)
Amazon Macie — Detects and classifies sensitive data (such as PII) in Amazon S3.
This is correct. Amazon Macie uses machine learning to detect and classify sensitive data in Amazon S3.
Amazon Inspector — Aggregates findings from multiple services for centralized management.
Aggregating findings from multiple services for centralized management is the role of AWS Security Hub.
Inspector is a vulnerability scanning service, so this combination is incorrect.
Amazon Inspector — Scans Amazon EC2 instances and container images for vulnerabilities.
This is correct. Amazon Inspector automatically scans and assesses EC2 instances, container images, and AWS Lambda functions for known vulnerabilities.
AWS Secrets Manager — Creates and manages encryption keys for data in Amazon S3 and Amazon EBS.
Creating and managing data encryption keys for Amazon S3 and Amazon EBS is the role of AWS KMS.
AWS Secrets Manager stores and rotates secrets such as database credentials and API keys; it is not the service for managing encryption keys, so this combination is incorrect.
Amazon GuardDuty — Scans Amazon EC2 instances and container images for vulnerabilities.
Scanning EC2 instances and container images for vulnerabilities is the role of Amazon Inspector.
Amazon GuardDuty is a service that continuously analyzes logs to detect threats (suspicious activity), so this combination is incorrect.
Role mapping: Macie = sensitive data detection / Inspector = vulnerability scanning / Security Hub = aggregation of findings / Secrets Manager = secret storage / KMS = key management. Confusing names and roles is the common trap.