AWS Certified Cloud Practitioner

Explanation

Correct Answer: B) AWS Inspector

AWS Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. It performs automated security assessments to identify security vulnerabilities, deviations from best practices, and provides recommendations for remediation.

Why AWS Inspector is correct:

1. Security Recommendations: AWS Inspector specifically focuses on security assessments and provides recommendations for security improvements
2. Unprotected S3 Buckets: Inspector can identify publicly accessible S3 buckets and other security misconfigurations
3. Security Best Practices: It checks for deviations from security best practices across AWS resources

Why AWS CloudTrail is incorrect:

• AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account
• It logs API calls and user activity but does not provide security or cost optimization recommendations
• CloudTrail is for monitoring and auditing, not for providing recommendations

Additional Context: For cost optimization recommendations specifically (like unused EC2 instances), AWS provides:

• AWS Cost Explorer for cost analysis and visualization
• AWS Trusted Advisor which provides recommendations across cost optimization, security, fault tolerance, performance, and service limits
• AWS Compute Optimizer specifically for EC2 instance right-sizing recommendations

However, the question specifically mentions "security and cost optimization recommendations" including "unprotected S3 buckets," which aligns more closely with AWS Inspector's security assessment capabilities.