CompTIA SecurityX (CAS-005) — Question 118

A DevOps engineer sets up a CI/CD pipeline to deploy application container images in the Kubernetes production environment. The security engineer wants to prevent the deployment of unsecured images. Which of the following security solutions should the engineer use in the pipeline to meet this objective?

Answer options

Correct answer: C

Explanation

The correct answer is C, Trusted attestation. It ensures that only verified and trusted images are deployed, which is essential for maintaining security in a production environment. Options A, B, and D do not inherently guarantee that only secure images are used: vulnerability scanning identifies known flaws, static code analysis checks code quality, and a private repository restricts access but does not validate image security.