
Answer-first summary for fast verification
Answer: Pull images from the public container registry. Publish the images to Amazon Elastic Container Registry (Amazon ECR) repositories with scan on push configured in a centralized AWS account. Use a CI/CD pipeline to deploy the images to different AWS accounts. Use repository policies and identity-based policies to restrict access to which IAM principals and accounts can access the images.
The correct answer is C. Amazon Elastic Container Registry (Amazon ECR) with scan on push provides integrated vulnerability scanning: when the images are published to ECR repositories in a centralized AWS account with scan on push configured, each image is scanned for vulnerabilities automatically as it is pushed, which helps ensure that the images are free from severe vulnerabilities. Using a CI/CD pipeline to deploy the images to different AWS accounts keeps deployment streamlined and consistent. Repository policies and identity-based policies then restrict access to the images to specific IAM roles and accounts, providing both security and ease of management.
Author: LeetQuiz Editorial Team
A company is utilizing Amazon Elastic Container Service (Amazon ECS) for their containerized application on AWS. They require assurance that the container images are free from critical vulnerabilities and that access to these images is restricted to specific IAM roles and AWS accounts. What solution provides the least management overhead while meeting these security requirements?
A. Pull images from the public container registry. Publish the images to Amazon Elastic Container Registry (Amazon ECR) repositories with scan on push configured in a centralized AWS account. Use a CI/CD pipeline to deploy the images to different AWS accounts. Use identity-based policies to restrict access to which IAM principals can access the images.
B. Pull images from the public container registry. Publish the images to a private container registry that is hosted on Amazon EC2 instances in a centralized AWS account. Deploy host-based container scanning tools to EC2 instances that run Amazon ECS. Restrict access to the container images by using basic authentication over HTTPS.
C. Pull images from the public container registry. Publish the images to Amazon Elastic Container Registry (Amazon ECR) repositories with scan on push configured in a centralized AWS account. Use a CI/CD pipeline to deploy the images to different AWS accounts. Use repository policies and identity-based policies to restrict access to which IAM principals and accounts can access the images.
D. Pull images from the public container registry. Publish the images to AWS CodeArtifact repositories in a centralized AWS account. Use a CI/CD pipeline to deploy the images to different AWS accounts. Use repository policies and identity-based policies to restrict access to which IAM principals and accounts can access the images.