Prisma Certified Cloud Security Engineer (PCCSE) — Question 233

The development team wants to fail CI jobs where a specific CVE is contained within the image.
How should the development team configure the pipeline or policy to produce this outcome?

Answer options

• A. Set the specific CVE exception as an option in Jenkins or twistcli.
• B. Set the specific CVE exception as an option in Defender running the scan.
• C. Set the specific CVE exception as an option using the magic string in the Console.
• D. Set the specific CVE exception in Console's CI policy.

Correct answer: D

Explanation

The correct answer is D because setting the specific CVE exception in the Console's CI policy directly affects the CI jobs, ensuring they fail if the CVE is present. Options A, B, and C do not establish a direct link to failing CI jobs in the pipeline, as they address different parts of the process or tools that do not control job failures.