CompTIA Security+ (SY0-601) — Question 385
A backdoor was detected on the containerized application environment. The investigation detected that a zero-day vulnerability was introduced when the latest container image version was downloaded from a public registry. Which of the following is the best solution to prevent this type of incident from occurring again?
Answer options
- A. Enforce the use of a controlled trusted source of container images.
- B. Deploy an IPS solution capable of detecting signatures of attacks targeting containers.
- C. Define a vulnerability scan to assess container images before they are introduced into the environment.
- D. Create a dedicated VPC for the containerized environment.
Correct answer: A
Explanation
Option A is correct because using a controlled and trusted source for container images minimizes the risk of introducing vulnerabilities from unverified sources. Options B and C, while helpful in detection and assessment, do not prevent the initial introduction of vulnerabilities, and option D does not address the source of the container images.