CAS-005
Security Engineering
medium
Question 4 of 31

An organization uses a container registry and wants to ensure that only images that pass vulnerability scanning are deployed to production Kubernetes clusters. Which enforcement mechanism BEST implements this policy?

A. Require developers to run vulnerability scans locally before pushing images
B. Configure a Kubernetes admission controller (webhook) to reject pods referencing images that have not passed a vulnerability scan gate in the CI/CD pipeline
C. Enable read-only access to the container registry for all users
D. Set resource limits on all Kubernetes pods
