SAP-C02 Study Assistant

SAP-C02 Question 478

EC2 CloudWatch Config EKS

Question

A company is deploying a new application on AWS. The application consists of an Amazon Elastic Kubernetes Service (Amazon EKS) cluster and an Amazon Elastic Container Registry (Amazon ECR) repository. The EKS cluster has an AWS managed node group. The company's security guidelines state that all resources on AWS must be continuously scanned for security vulnerabilities. Which solution will meet this requirement with the LEAST operational overhead?

Options

A. Activate AWS Security Hub. Configure Security Hub to scan the EKS nodes and the ECR repository.

B. Activate Amazon Inspector to scan the EKS nodes and the ECR repository.

C. Launch a new Amazon EC2 instance and install a vulnerability scanning tool from AWS Marketplace. Configure the EC2 instance to scan the EKS nodes. Configure Amazon ECR to perform a basic scan on push.

D. Install the Amazon CloudWatch agent on the EKS nodes. Configure the CloudWatch agent to scan continuously. Configure Amazon ECR to perform a basic scan on push.

Answer

B

Explanation

Correct option: B. Activate Amazon Inspector to scan the EKS nodes and the ECR repository.

Why this is correct: This option most directly satisfies the hard requiremen...
