Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Security - Specialty SCS-C02 All Questions

View all questions & answers for the AWS Certified Security - Specialty SCS-C02 exam
Go to Exam

Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 32 discussion

Exam question from Amazon's AWS Certified Security - Specialty SCS-C02
Question #: 32
Topic #: 1
[All AWS Certified Security - Specialty SCS-C02 Questions]

An ecommerce company has a web application architecture that runs primarily on containers. The application containers are deployed on Amazon Elastic Container Service (Amazon ECS). The container images for the application are stored in Amazon Elastic Container Registry (Amazon ECR).
The company's security team is performing an audit of components of the application architecture. The security team identifies issues with some container images that are stored in the container repositories.
The security team wants to address these issues by implementing continual scanning and on-push scanning of the container images. The security team needs to implement a solution that makes any findings from these scans visible in a centralized dashboard. The security team plans to use the dashboard to view these findings along with other security-related findings that they intend to generate in the future. There are specific repositories that the security team needs to exclude from the scanning process.
Which solution will meet these requirements?

  • A. Use Amazon Inspector. Create inclusion rules in Amazon ECR to match repositories that need to be scanned. Push Amazon Inspector findings to AWS Security Hub.
  • B. Use ECR basic scanning of container images. Create inclusion rules in Amazon ECR to match repositories that need to be scanned. Push findings to AWS Security Hub.
  • C. Use ECR basic scanning of container images. Create inclusion rules in Amazon ECR to match repositories that need to be scanned. Push findings to Amazon Inspector.
  • D. Use Amazon Inspector. Create inclusion rules in Amazon Inspector to match repositories that need to be scanned. Push Amazon Inspector findings to AWS Config.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by angelsrp at Oct. 9, 2023, 9:11 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
AgboolaKun
Highly Voted 11 months, 3 weeks ago
Selected Answer: A
Amazon Inspector supports the configuration of inclusion rules to select which ECR repositories are scanned. Please see more information here - https://aws.amazon.com/inspector/faqs/
upvoted 6 times
...
jd_aws
Most Recent 1 month ago
Amazon Inspector provides a robust security assessment tool that can perform continuous and on-push scanning of container images stored in Amazon ECR. It integrates well with Amazon ECR, allowing for the detection of vulnerabilities and security issues within container images. Inclusion Rules in Amazon ECR: By configuring inclusion rules in Amazon ECR, the security team can specify which repositories should be scanned, allowing them to exclude certain repositories from the scanning process as required. Option : A
upvoted 1 times
...
Raphaello
7 months, 2 weeks ago
Selected Answer: A
For continual and on-push scanning, use Amazon Inspector. Push findings to Security Hub.
upvoted 1 times
...
Aamee
10 months, 3 weeks ago
Selected Answer: A
Def. it's A as per the features described for Amazon Inspector here: https://aws.amazon.com/inspector/faqs/
upvoted 1 times
...
kejam
11 months ago
Selected Answer: A
Answer A Inspector can continuously scan ECR and send findings to Security Hub https://docs.aws.amazon.com/inspector/latest/user/scanning-ecr.html
upvoted 1 times
...
bannium
11 months, 1 week ago
Selected Answer: A
using Amazon ECR integrates with Amazon Inspector with filters https://docs.aws.amazon.com/AmazonECR/latest/userguide/image-scanning.html#image-scanning-filters
upvoted 2 times
...
bengalister
11 months, 1 week ago
Answer A Amazon inspector can definitely scan ECR repositories https://docs.aws.amazon.com/inspector/latest/user/scanning-ecr.html
upvoted 2 times
...
pupsik
11 months, 2 weeks ago
Selected Answer: B
Inspector scans EC2 instances.
upvoted 2 times
lightrod
8 months ago
it can scan ec2, ecr, and lambda
upvoted 1 times
...
...
angelsrp
12 months ago
B ECR does provide basic image scanning functionality, which can detect software vulnerabilities in your container images. AWS Security Hub provides a centralized view for security alert and compliance posture across AWS accounts. This solution seems to meet the requirements. Amazon Inspector is used for analyzing EC2 instances and identifying potential security vulnerabilities, but not for container images.
upvoted 2 times
Daniel76
9 months, 1 week ago
ECR basic scanning only can be configured to on push, or do manual. it does not support continously scan as required. ECR enhanced scanning integrates with AWS Inspector - so yes it covers not just EC2 instance but container.
upvoted 2 times
...
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel