Exam AZ-500 topic 3 question 36 discussion

Microsoft Defender for container registries has been deprecated. Now Microsoft Defender for Containers can check windows images too. https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-container-registries-introduction https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-containers-introduction

given answer is correct

Windows is not supported Only Linux is https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-container-registries-introduction

Defender for containers support most of linux Distros & Only Windows Server https://learn.microsoft.com/en-us/azure/defender-for-cloud/support-matrix-defender-for-containers?tabs=arcva%2Cazurert%2Cazurespm%2Cazurecssc%2Cawsnet#registries-and-images-support-for-vulnerability-assessment

BE' Key Considerations: Windows images are NOT scanned by default for vulnerabilities in Azure Container Registry. Only Linux-based images are supported for vulnerability scanning. Each time a new Linux image is pushed (even if it’s a modification), it will be scanned again.

Now we can scan Windows images as well this question is outdated also question talks about Azure Container Registery which is already deprecated and now we can scan both Windows and Linux images with Defender for containers. In the old times answer was BE, now ABCDE.

Supported registries and images: Linux images in ACR registries accessible from the public internet with shell access ACR registries protected with Azure Private Link Unsupported registries and images: Windows images 'Private' registries (unless access is granted to Trusted Services) Super-minimalist images such as Docker scratch images, or "Distroless" images that only contain an application and its runtime dependencies without a package manager, shell, or OS Images with Open Container Initiative (OCI) Image Format Specification https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-container-registries-introduction

So there's an update to this. It seems that scanning windows images is now available in preview. On this site: https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-containers-architecture?tabs=defender-for-container-arch-aks was a little note pointing here: https://learn.microsoft.com/en-us/azure/defender-for-cloud/support-matrix-defender-for-containers#registries-and-images-support-for-azure---vulnerability-assessment-powered-by-qualys The referenced table clearly states that " Windows images using Windows OS version 1709 and above (Preview). This is free while it's in preview, and will incur charges (based on the Defender for Containers plan) when it becomes generally available."

Azure Container Registry vulnerability scanning, when enabled, automatically scans images as they are pushed to the registry. However, it's important to note that Azure Security Center's container scanning typically supports Linux images and does not support Windows images. Given this, the images that will be scanned for vulnerabilities are: B. Image2 - This is a Linux image which will be scanned upon push to the registry. E. Image5 - This is also a Linux image (modified from Image2) and will be scanned when it's pushed to the registry. The Windows images (Image1, Image3, and Image4) will not be scanned by Azure Security Center's container scanning feature, as it does not support Windows images. Therefore, correct answers are Image2 and Image5.

chatgpt says AE

When you enable vulnerability scanning in an Azure Container Registry (ACR), Azure Security Center automatically scans images that are streamed into the registry. This includes scanning the image layers for vulnerabilities. Based on the actions described: Image push Windows Image1: Will be checked. Linux Image2 image push: Will be checked. Windows Image3 image push: Will be checked. Modify Image1 and push the new image as Image4: A new image (Image4) will be checked. Modify Image2 and push the new image as Image5: A new image (Image5) will be checked. Therefore, all images i.e. Image1, Image2, Image3, Image4 and Image5 will be scanned for vulnerabilities. The correct answers are: A. Image4 E. Image5

Windows images using Windows OS version 1709 and above (Preview) are also supported. https://learn.microsoft.com/en-us/azure/defender-for-cloud/support-matrix-defender-for-containers

B. Image2 E. Image5

Letter A and E. Images that were pushed initially (Image1, Image2, Image3) will not be scanned for vulnerabilities retroactively since the scanning process is typically triggered when images are pushed or updated.

B. Image2 E. Image5 It was reserved for Linux machines only. Nowadays Windows is supported as well. So question is outdated

Question is old see new details: https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-containers-vulnerability-assessment-azure

You can now scan Windows images (preview).