Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 32 discussion

An ecommerce company has a web application architecture that runs primarily on containers. The application containers are deployed on Amazon Elastic Container Service (Amazon ECS). The container images for the application are stored in Amazon Elastic Container Registry (Amazon ECR).
The company's security team is performing an audit of components of the application architecture. The security team identifies issues with some container images that are stored in the container repositories.
The security team wants to address these issues by implementing continual scanning and on-push scanning of the container images. The security team needs to implement a solution that makes any findings from these scans visible in a centralized dashboard. The security team plans to use the dashboard to view these findings along with other security-related findings that they intend to generate in the future. There are specific repositories that the security team needs to exclude from the scanning process.
Which solution will meet these requirements?

  • A. Use Amazon Inspector. Create inclusion rules in Amazon ECR to match repositories that need to be scanned. Push Amazon Inspector findings to AWS Security Hub.
  • B. Use ECR basic scanning of container images. Create inclusion rules in Amazon ECR to match repositories that need to be scanned. Push findings to AWS Security Hub.
  • C. Use ECR basic scanning of container images. Create inclusion rules in Amazon ECR to match repositories that need to be scanned. Push findings to Amazon Inspector.
  • D. Use Amazon Inspector. Create inclusion rules in Amazon Inspector to match repositories that need to be scanned. Push Amazon Inspector findings to AWS Config.
Suggested Answer: A

Comments

AgboolaKun
Highly Voted 1 year, 1 month ago
Selected Answer: A
Amazon Inspector supports the configuration of inclusion rules to select which ECR repositories are scanned. Please see more information here - https://aws.amazon.com/inspector/faqs/
upvoted 7 times
...
IPLogic
Most Recent 2 days, 1 hour ago
Selected Answer: A
To meet the requirements of continual scanning and on-push scanning of container images, and to make the findings visible in a centralized dashboard, option A is the most suitable solution. Here's why: Using Amazon Inspector for scanning container images stored in Amazon ECR provides automated, continuous scanning for vulnerabilities. By creating inclusion rules in Amazon ECR to match the repositories that need to be scanned, you can ensure that only the relevant repositories are included in the scanning process. Pushing Amazon Inspector findings to AWS Security Hub allows for centralized visibility of these findings along with other security-related findings, providing a comprehensive dashboard for the security team.
upvoted 1 times
...
[Removed]
3 months ago
Amazon Inspector provides a robust security assessment tool that can perform continuous and on-push scanning of container images stored in Amazon ECR. It integrates well with Amazon ECR, allowing for the detection of vulnerabilities and security issues within container images. Inclusion Rules in Amazon ECR: By configuring inclusion rules in Amazon ECR, the security team can specify which repositories should be scanned, allowing them to exclude certain repositories from the scanning process as required. Option: A
upvoted 1 times
...
Raphaello
9 months, 2 weeks ago
Selected Answer: A
For continual and on-push scanning, use Amazon Inspector. Push findings to Security Hub.
upvoted 1 times
...
Aamee
1 year ago
Selected Answer: A
Def. it's A as per the features described for Amazon Inspector here: https://aws.amazon.com/inspector/faqs/
upvoted 1 times
...
kejam
1 year ago
Selected Answer: A
Answer A. Inspector can continuously scan ECR and send findings to Security Hub: https://docs.aws.amazon.com/inspector/latest/user/scanning-ecr.html
upvoted 1 times
...
bannium
1 year, 1 month ago
Selected Answer: A
Amazon ECR integrates with Amazon Inspector with filters: https://docs.aws.amazon.com/AmazonECR/latest/userguide/image-scanning.html#image-scanning-filters
upvoted 2 times
...
bengalister
1 year, 1 month ago
Answer A. Amazon Inspector can definitely scan ECR repositories: https://docs.aws.amazon.com/inspector/latest/user/scanning-ecr.html
upvoted 2 times
...
pupsik
1 year, 1 month ago
Selected Answer: B
Inspector scans EC2 instances.
upvoted 2 times
lightrod
10 months ago
It can scan EC2, ECR, and Lambda.
upvoted 2 times
...
...
angelsrp
1 year, 1 month ago
B. ECR does provide basic image scanning functionality, which can detect software vulnerabilities in your container images. AWS Security Hub provides a centralized view for security alerts and compliance posture across AWS accounts. This solution seems to meet the requirements. Amazon Inspector is used for analyzing EC2 instances and identifying potential security vulnerabilities, but not for container images.
upvoted 2 times
Daniel76
11 months, 1 week ago
ECR basic scanning can only be configured to scan on push or manually. It does not support continuous scanning as required. ECR enhanced scanning integrates with AWS Inspector, so yes, it covers not just EC2 instances but containers.
upvoted 2 times
...
...
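The configuration the thread converges on (ECR enhanced scanning backed by Amazon Inspector, with repository inclusion filters), as an added example that is not part of the original discussion. The repository names and filter patterns are constructed, and the local matcher and the precedence between frequencies are simplified assumptions used only to preview which repositories a rule set would leave unscanned before it is applied.

```python
import re

# Constructed inclusion rules: repository names and patterns are hypothetical.
RULES = [
    {"scanFrequency": "CONTINUOUS_SCAN",
     "repositoryFilters": [{"filter": "prod/*", "filterType": "WILDCARD"}]},
    {"scanFrequency": "SCAN_ON_PUSH",
     "repositoryFilters": [{"filter": "staging/*", "filterType": "WILDCARD"}]},
]

def filter_matches(pattern: str, repo: str) -> bool:
    """Simplified local model of a WILDCARD filter (assumption):
    '*' stands for zero or more characters; a pattern without '*'
    matches any repository name that contains it."""
    if "*" not in pattern:
        return pattern in repo
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, repo) is not None

def preview(rules, repos):
    """Return {repo: frequency}; repos matching no rule are 'NOT_SCANNED'."""
    order = ["CONTINUOUS_SCAN", "SCAN_ON_PUSH"]  # assumed precedence
    result = {}
    for repo in repos:
        result[repo] = "NOT_SCANNED"  # no inclusion rule means excluded
        for freq in order:
            if any(filter_matches(f["filter"], repo)
                   for r in rules if r["scanFrequency"] == freq
                   for f in r["repositoryFilters"]):
                result[repo] = freq
                break
    return result

def apply(rules, region="us-east-1"):
    """Push the rules to the private registry (needs boto3 and credentials)."""
    import boto3
    ecr = boto3.client("ecr", region_name=region)
    return ecr.put_registry_scanning_configuration(scanType="ENHANCED", rules=rules)

if __name__ == "__main__":
    repos = ["prod/checkout", "staging/cart", "sandbox/scratch"]  # constructed
    for name, freq in preview(RULES, repos).items():
        print(f"{name:20} {freq}")
```

Running the preview against the real repository list before calling `apply` confirms that the repositories meant to be excluded match none of the inclusion filters.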