An ecommerce company uses Amazon Elastic Container Service (Amazon ECS) for deploying application containers, with container images stored in Amazon Elastic Container Registry (Amazon ECR). During a security audit, the team identifies issues in certain container images. They want to implement continuous and on-push scanning for these images. The solution must centralize scan findings in a dashboard and must exclude specific repositories from scanning. Which solution meets these criteria?
Explanation:
The correct answer is A. Amazon Inspector can be configured to continuously scan ECR repositories, and inclusion rules can be set up to specify which repositories are to be scanned. Additionally, Amazon Inspector findings can be pushed to AWS Security Hub, providing a centralized dashboard for viewing these findings along with other security-related information. This solution aligns with the requirement for continual and on-push scanning, centralized visibility, and the ability to exclude specific repositories from the scanning process.