CompTIA A+ Core 1 (CA1-005) — Question 9

A company that uses containers to run its applications is required to identify vulnerabilities on every container image in a private repository. The security team needs to be able to quickly evaluate whether to respond to a given vulnerability. Which of the following will allow the security team to achieve the objective with the least effort?

Answer options

• A. SAST scan reports
• B. Centralized SBoM
• C. CIS benchmark compliance reports
• D. Credentialed vulnerability scan

Correct answer: B

Explanation

A Centralized SBoM (Software Bill of Materials) provides a comprehensive list of components and their vulnerabilities, allowing the security team to quickly assess risks with minimal effort. In contrast, SAST scan reports focus on source code rather than container images, CIS benchmark compliance reports address configuration rather than vulnerabilities, and credentialed vulnerability scans can be more complex and time-consuming to implement.