SAP-C02 Study Assistant

SAP-C02 Question 224

Lambda EC2 SQS SNS EventBridge Step Functions Config ECS Auto Scaling

Question

A company is running a containerized application in the AWS Cloud. The application is running by using Amazon Elastic Container Service (Amazon ECS) on a set of Amazon EC2 instances. The EC2 instances run in an Auto Scaling group. The company uses Amazon Elastic Container Registry (Amazon ECR) to store its container images. When a new image version is uploaded, the new image version receives a unique tag. The company needs a solution that inspects new image versions for common vulnerabilities and exposures. The solution must automatically delete new image tags that have Critical or High severity findings. The solution also must notify the development team when such a deletion occurs. Which solution meets these requirements?

Options

A. Configure scan on push on the repository. Use Amazon EventBridge to invoke an AWS Step Functions state machine when a scan is complete for images that have Critical or High severity findings. Use the Step Functions state machine to delete the image tag for those images and to notify the development team through Amazon Simple Notification Service (Amazon SNS).

B. Configure scan on push on the repository. Configure scan results to be pushed to an Amazon Simple Queue Service (Amazon SQS) queue. Invoke an AWS Lambda function when a new message is added to the SQS queue. Use the Lambda function to delete the image tag for images that have Critical or High severity findings. Notify the development team by using Amazon Simple Email Service (Amazon SES).

C. Schedule an AWS Lambda function to start a manual image scan every hour. Configure Amazon EventBridge to invoke another Lambda function when a scan is complete. Use the second Lambda function to delete the image tag for images that have Critical or High severity findings. Notify the development team by using Amazon Simple Notification Service (Amazon SNS).

D. Configure periodic image scan on the repository. Configure scan results to be added to an Amazon Simple Queue Service (Amazon SQS) queue. Invoke an AWS Step Functions state machine when a new message is added to the SQS queue. Use the Step Functions state machine to delete the image tag for images that have Critical or High severity findings. Notify the development team by using Amazon Simple Email Service (Amazon SES).

Answer

A

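Explanation

Correct answer: A. Explanation: The answer to this question is A. Correct option: A. Configure scan on push on the repository. Use Amazon EventBridge to invoke an AWS Step Functions state machine when a scan is complete for images that have Critical or High severity findings. Use the Step Functions state machine to delete the image tag for those images and to notify the development team through Amazon Simple Notification Service (Amazon SNS). Rationale: This option most...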
