nerdexam
Palo_Alto_Networks

PCCSE · Question #82

A customer is deploying Defenders to a Fargate environment It wants to understand the vulnerabilities in the images it is deploying. How should the customer automate vulnerability scanning for images

The correct answer is A. Embed a Fargate Defender to automatically scan for vulnerabilities. AWS Fargate is a serverless container runtime where you do not have access to the underlying host, making traditional host-based Defender deployments impossible. Prisma Cloud addresses this by allowing a Fargate Defender to be embedded directly into the task definition/container

Serverless Security

Question

A customer is deploying Defenders to a Fargate environment It wants to understand the vulnerabilities in the images it is deploying. How should the customer automate vulnerability scanning for images deployed to Fargate?

Options

  • AEmbed a Fargate Defender to automatically scan for vulnerabilities
  • BUse Cloud Compliance to identify misconfigured AWS accounts
  • CSet up a vulnerability scanner on the registry
  • DDesignate a Fargate Defender to serve a dedicated image scanner

How the community answered

(57 responses)
  • A
    77% (44)
  • B
    5% (3)
  • C
    14% (8)
  • D
    4% (2)

Explanation

AWS Fargate is a serverless container runtime where you do not have access to the underlying host, making traditional host-based Defender deployments impossible. Prisma Cloud addresses this by allowing a Fargate Defender to be embedded directly into the task definition/container image. Once embedded, the Defender automatically runs vulnerability scanning on the image at runtime. Option B (Cloud Compliance) is about misconfiguration checks, not vulnerability scanning. Option C (registry scanner) scans images at rest in a registry but is not specific to Fargate deployment automation. Option D (dedicated image scanner Defender) is not a valid Fargate deployment model - Fargate Defenders must be embedded per-task, not designated as standalone scanners.

Topics

#Fargate Security#Container Vulnerability Scanning#Prisma Cloud Defenders#Runtime Security

Community Discussion

No community discussion yet for this question.

Full PCCSE Practice