A DevOps Engineer just joined a new company that is already running workloads on Amazon EC2 instances. AWS has been adopted incrementally with no central governance. The Engineer must now assess how well the existing deployments comply with the following requirements:

• EC2 instances are running only approved AMIs.
• Amazon EBS volumes are encrypted.
• EC2 instances have an Owner tag.
• Root login over SSH is disabled on EC2 instances.

Which services should the Engineer use to perform this assessment with the LEAST amount of effort? (Choose two.)

A. AWS Config
B. Amazon GuardDuty
C. AWS System Manager
D. AWS Directory Service
E. Amazon Inspector