Prisma Certified Cloud Security Engineer (PCCSE) — Question 20

A customer is deploying Defenders to a Fargate environment. It wants to understand the vulnerabilities in the image it is deploying.
How should the customer automate vulnerability scanning for images deployed to Fargate?

Answer options

• A. Set up a vulnerability scanner on the registry
• B. Embed a Fargate Defender to automatically scan for vulnerabilities
• C. Designate a Fargate Defender to serve a dedicated image scanner
• D. Use Cloud Compliance to identify misconfigured AWS accounts

Correct answer: B

Explanation

The correct answer is B because embedding a Fargate Defender allows for automatic scanning of vulnerabilities in the images deployed. Option A, while useful, does not provide automation specifically for Fargate environments. Option C suggests a dedicated image scanner, which is unnecessary when a Defender can automate the process. Option D is unrelated to image vulnerability scanning.