ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-400 All Questions

View all questions & answers for the AZ-400 exam
Go to Exam

Exam AZ-400 topic 7 question 37 discussion

Actual exam question from Microsoft's AZ-400
Question #: 37
Topic #: 7
[All AZ-400 Questions]

Your company deploys applications in Docker containers.
You want to detect known exploits in the Docker images used to provision the Docker containers.
You need to integrate image scanning into the application lifecycle. The solution must expose the exploits as early as possible during the application lifecycle.
What should you configure?

  • A. a task executed in the continuous integration pipeline and a scheduled task that analyzes the image registry
  • B. manual tasks performed during the planning phase and the deployment phase
  • C. a task executed in the continuous deployment pipeline and a scheduled task against a running production container
  • D. a task executed in the continuous integration pipeline and a scheduled task that analyzes the production container
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by joseluismantilla at June 12, 2020, 12:14 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
TechieBloke
Highly Voted 4 years, 6 months ago
No way you should do manual task. And the requirement states "as early as possible" so image registry is the earliest option from the other 3 what left. Answer is correct.
upvoted 20 times
Radul85
2 years ago
Correttamundo !
upvoted 2 times
...
...
joseluismantilla
Highly Voted 4 years, 8 months ago
This is a new feature release in March, https://docs.microsoft.com/en-us/azure/security-center/azure-container-registry-integration Now, in your pipeline, trivy/aqua would be the task.
upvoted 9 times
...
ozbonny
Most Recent 11 months, 4 weeks ago
Selected Answer: A
A. a task executed in the continuous integration pipeline and a scheduled task that analyzes the image registry
upvoted 2 times
...
Deequation
2 years, 3 months ago
Why is CI a better place to scan, than in CD? Sure, if it's a known issue, you catch it already in CI step. But what if you run your CI, nothing is found. Then months later you want to deploy your build, or even revert to an old one. Now you are just going to run your CD, but in the meantime, issues could have been found. This will not be detected by running the scan exclusively in build.
upvoted 2 times
...
syu31svc
2 years, 6 months ago
Selected Answer: A
https://docs.microsoft.com/en-us/azure/defender-for-cloud/defender-for-containers-cicd "To set up the scanner, you'll need to enable Microsoft Defender for container registries and the CI/CD integration" Answer is A
upvoted 1 times
...
Eltooth
2 years, 8 months ago
Selected Answer: A
A is correct answer.
upvoted 1 times
...
UnknowMan
2 years, 9 months ago
Never do in OnProd env and no manual, so Answer is correct. => image registry
upvoted 2 times
...
rdemontis
2 years, 10 months ago
Selected Answer: A
for the correct answer is A. CI and ACR are the places to scan for security issues as early as possible
upvoted 1 times
...
jojom19980
3 years, 8 months ago
The answer is looking correct :https://docs.microsoft.com/en-us/azure/security-center/defender-for-container-registries-cicd
upvoted 5 times
...
Duleep
4 years, 7 months ago
why we need to analyze image registry?, it would be faster analyze only required images
upvoted 1 times
combo_breaker
3 years, 11 months ago
Faster.. yes. But since analyzing the image registry will be a scheduled task (not one that is ran while you are running your CI/CD pipeline) it hopefully shouldn't matter how long it takes. Schedule it for Saturday-Sunday morning if time is an issue for ya.
upvoted 3 times
...
whoisthis
4 years, 1 month ago
You need to scan image registry because vulnerabilities could be found even after you successfully scan it during your CI when the vulnerabilities database does not yet contain the CVE
upvoted 3 times
...
cucuff
4 years, 6 months ago
I have the same doubt, but the others answers are a big NO, so i suppose A is the correct answer
upvoted 4 times
...
...
Ivjo
4 years, 7 months ago
Answer looks right, but it is not scheduled. It's done on the every push stage, no ?
upvoted 3 times
Yong2020
4 years, 3 months ago
There might be images not pushed through code, e.g. manually uploaded images, they need to be scanned to be secured. So a scheduled scan is also required just to cover 100% cases.
upvoted 3 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel