CompTIA SecurityX (CAS-005) — Question 131

A security engineer is assisting a DevOps team that has the following requirements for container images:

• Ensure container images are hashed and use version controls.
• Ensure container images are up to date and scanned for vulnerabilities.

Which of the following should the security engineer do to meet these requirements?

Answer options

• A. Enable clusters on the container image and configure the mesh with ACLs.
• B. Enable new security and quality checks within a CI/CD pipeline.
• C. Enable audits on the container image and monitor for configuration changes.
• D. Enable pulling of the container image from the vendor repository and deploy directly to operations.

Correct answer: B

Explanation

The correct answer is B because enabling new security and quality checks within a CI/CD pipeline ensures that container images are both up to date and scanned for vulnerabilities during the build process. Options A, C, and D do not specifically address the need for ongoing updates and vulnerability scanning within the CI/CD workflow.