PCCSE · Question #82
A customer is deploying Defenders to a Fargate environment It wants to understand the vulnerabilities in the images it is deploying. How should the customer automate vulnerability scanning for images
The correct answer is A. Embed a Fargate Defender to automatically scan for vulnerabilities. AWS Fargate is a serverless container runtime where you do not have access to the underlying host, making traditional host-based Defender deployments impossible. Prisma Cloud addresses this by allowing a Fargate Defender to be embedded directly into the task definition/container
Question
A customer is deploying Defenders to a Fargate environment It wants to understand the vulnerabilities in the images it is deploying. How should the customer automate vulnerability scanning for images deployed to Fargate?
Options
- AEmbed a Fargate Defender to automatically scan for vulnerabilities
- BUse Cloud Compliance to identify misconfigured AWS accounts
- CSet up a vulnerability scanner on the registry
- DDesignate a Fargate Defender to serve a dedicated image scanner
How the community answered
(57 responses)- A77% (44)
- B5% (3)
- C14% (8)
- D4% (2)
Explanation
AWS Fargate is a serverless container runtime where you do not have access to the underlying host, making traditional host-based Defender deployments impossible. Prisma Cloud addresses this by allowing a Fargate Defender to be embedded directly into the task definition/container image. Once embedded, the Defender automatically runs vulnerability scanning on the image at runtime. Option B (Cloud Compliance) is about misconfiguration checks, not vulnerability scanning. Option C (registry scanner) scans images at rest in a registry but is not specific to Fargate deployment automation. Option D (dedicated image scanner Defender) is not a valid Fargate deployment model - Fargate Defenders must be embedded per-task, not designated as standalone scanners.
Topics
Community Discussion
No community discussion yet for this question.