New Year Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: simple70

  1. Home
  2. Discussions
  3. Amazon Web Services
  4. AWS Certified Specialty
  5. SCS-C02 Discussions
  6. SCS-C02 Exam Topic 5 Question 41 Discussion

Amazon Web Services AWS Certified Security - Specialty SCS-C02 Question # 41 Topic 5 Discussion

 Amazon Web Services Discussions      Browse All Questions      Go to Exam Detail      Get Premium Access
Next  

Amazon Web Services AWS Certified Security - Specialty SCS-C02 Question # 41 Topic 5 Discussion

SCS-C02 Exam Topic 5 Question 41 Discussion:
Question #: 41
Topic #: 5

A company is running a container-based workload on AWS. The workload runs on an Amazon Elastic Container Service (Amazon ECS) cluster and uses container images from an Amazon Elastic Container Registry (Amazon ECR) repository.

The company recently experienced a security incident that involved a container image that included critical vulnerabilities. A CI/CD pipeline that was running outside AWS uploaded the image to the ECR repository and deployed the image to the ECS cluster.

Which solution will prevent images that have vulnerabilities from being pushed to the ECR repository?
A.

Configure the private ECR registry to use enhanced scanning with the scan on push option. Create an Amazon EventBridge rule that invokes an AWS Lambda function when a critical vulnerability is found. Program the Lambda function to block the image push.

B.

Configure Amazon Inspector. Invoke the Amazon Inspector Scan API operation from the CI/CD pipeline. Create an Amazon EventBridge rule that invokes an AWS Lambda function when a critical vulnerability is found. Program the Lambda function to return a failed result to Amazon Inspector.

C.

Create an Amazon Inspector custom CI/CD integration. Install and configure the Amazon Inspector Software Bill of Materials (SBOM) Generator (Sbomgen) binary. Generate an SBOM. Invoke the Amazon Inspector Scan API operation. In case of critical vulnerabilities, fail the CI/CD pipeline.

D.

Enable ECR image scanning on the ECR repository. Configure the continuous scanning option. Set the scanning configuration setting for the private registry to basic scanning. In case of critical vulnerabilities, fail the CI/CD pipeline.

Get Premium SCS-C02 Questions
Actual exam question for Amazon Web Services SCS-C02 exam by Eris76072 at Nov 15, 2025, 1:58:03 AM

Contribute your Thoughts:


Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.

Submit
Next