Q23 — AWS DOP-C02 Ch.3

Question 23 of 100 | ← Chapter 3

A company uses Amazon Elastic Container Registry (Amazon ECR) private registries to store container images. A development team needs to ensure container images are scanned regularly for software vulnerabilities. Which solution meets this requirement?

Correct Answer: A. Enable enhanced scanning for the Amazon ECR private registry.

Explanation

Amazon ECR provides built-in vulnerability scanning. Basic scanning runs automatically on image push but does not support configurable periodic scanning. Enhanced scanning supports on-demand and scheduled scans, delivering deeper vulnerability assessments aligned with regular scanning requirements. Options C and D introduce operational overhead and maintenance burden, whereas option A leverages a fully managed, native ECR feature. Option B does not satisfy the ‘regular’ (i.e., scheduled) scanning requirement.