AZ-400 – Question 192

0
103
Your company deploys applications in Docker containers.

You want to detect known exploits in the Docker images used to provision the Docker containers.
You need to integrate image scanning into the application lifecycle. The solution must expose the exploits as early as possible during the application lifecycle.

What should you configure?

A. a task executed in the continuous integration pipeline and a scheduled task that analyzes the image registry
B. manual tasks performed during the planning phase and the deployment phase
C. a task executed in the continuous deployment pipeline and a scheduled task against a running production container
D. a task executed in the continuous integration pipeline and a scheduled task that analyzes the production container

Correct Answer: A

You can use the Docker task to sign into ACR and then use a subsequent script to pull an image and scan the container image for vulnerabilities.
Use the docker task in a build or release pipeline. This task can be used with Docker or Azure Container registry.
Incorrect Answers:
C: We should not wait until deployment. We want to detect the exploits as early as possible.
D: We should wait until the image is in the product container. We want to detect the exploits as early as possible.