AWS Certified Security – Specialty (SCS-C02) — Question 27

An ecommerce company has a web application architecture that runs primarily on containers. The application containers are deployed on Amazon Elastic Container Service (Amazon ECS). The container images for the application are stored in Amazon Elastic Container Registry (Amazon ECR).
The company's security team is performing an audit of components of the application architecture. The security team identifies issues with some container images that are stored in the container repositories.
The security team wants to address these issues by implementing continual scanning and on-push scanning of the container images. The security team needs to implement a solution that makes any findings from these scans visible in a centralized dashboard. The security team plans to use the dashboard to view these findings along with other security-related findings that they intend to generate in the future. There are specific repositories that the security team needs to exclude from the scanning process.
Which solution will meet these requirements?

Answer options

Correct answer: A

Explanation

The correct answer is A: Amazon Inspector performs detailed security assessments and integrates with AWS Security Hub, which provides centralized visibility of findings. Options B and C use Amazon ECR basic scanning, which does not meet the requirement for a centralized dashboard. Option D directs findings to AWS Config, which is not a service for centralized management of security findings.