Question 15
Domain 5: Supply Chain Security
An organization wants to use a commercial tool to scan container images for known vulnerabilities as part of its supply chain security program. Which option identifies a commercial scanning tool named in the source material?
Correct answer: A
Explanation
For image vulnerability scanning, recognize the named commercial tools and distinguish them from unrelated security products or open-source utilities. — cks_syllabus.txt
Why each option is right or wrong
A. Snyk
The source material for Task 5.4 explicitly lists Snyk as a commercial scanning tool used to scan images for known vulnerabilities.
B. Prometheus
Prometheus is not listed here as a commercial image vulnerability scanner.
C. Helm
Helm is not listed here as a commercial image vulnerability scanner.
D. etcd
etcd is not listed here as a commercial image vulnerability scanner.