PT0-003 · Question #273
PT0-003 Question #273: Real Exam Question with Answer & Explanation
The correct answer is D: Trivy. Explanation Trivy is the ideal tool for scanning container orchestration environments (like Kubernetes) because it is purpose-built for container and cloud-native security, capable of scanning container images, filesystems, Infrastructure as Code (IaC) configurations, and Kuberne
Question
A penetration tester is getting ready to conduct a vulnerability scan to evaluate an environment that consists of a container orchestration cluster. Which of the following tools would be best to use for this purpose?
Options
- ANSE
- BNessus
- CCME
- DTrivy
Explanation
Explanation
Trivy is the ideal tool for scanning container orchestration environments (like Kubernetes) because it is purpose-built for container and cloud-native security, capable of scanning container images, filesystems, Infrastructure as Code (IaC) configurations, and Kubernetes clusters for vulnerabilities, misconfigurations, and exposed secrets.
NSE (Nmap Scripting Engine) is a network scanning extension for Nmap focused on port/service discovery and network-level vulnerabilities - not container-specific security assessments. Nessus is a comprehensive vulnerability scanner well-suited for traditional infrastructure, but lacks the deep, native container and Kubernetes-specific scanning capabilities that Trivy provides. CME (CrackMapExec) is a post-exploitation and lateral movement tool primarily designed for Active Directory environments, making it completely irrelevant for container vulnerability scanning.
🧠 Memory Tip: Think "Trivy = Trivially easy container scanning" - the name itself hints at its lightweight, container-focused design. When you see containers or orchestration (Kubernetes/Docker) in an exam question, Trivy should immediately come to mind as the go-to vulnerability scanning tool for that ecosystem.
Topics
Community Discussion
No community discussion yet for this question.