ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
Your company deploys a Java-based microservice as a Docker image that is pushed to Amazon Elastic Container Registry (ECR) and then launched on Amazon ECS. To reduce the likelihood that a compromised build server or malicious insider could insert back-doored binaries into the image before it reaches production, which action provides the most effective fundamental software security control by ensuring only trusted code is executed?
Restrict the ECR repository so it is accessible only through VPC interface endpoints.
Enable AWS Shield Advanced on the application's Elastic Load Balancer.
Require digital signatures on ECR container images with AWS Signer and enforce signature verification during deployment.
Configure Amazon Inspector to run continuous vulnerability scans on ECS tasks after deployment.
Requiring that every container image be cryptographically signed during the build process and that the signature be verified at deployment enforces code provenance and integrity-core elements of fundamental software security. AWS Signer can automatically apply and manage digital signatures for container images stored in ECR, and deployment policies can block any image that fails verification, preventing tampered or unapproved code from running.
Scanning running tasks with Amazon Inspector helps find known vulnerabilities after deployment but cannot guarantee the image was unaltered when launched. Restricting the ECR repository to VPC endpoints limits network exposure but does not validate code integrity. Enabling AWS Shield Advanced protects against DDoS attacks and is unrelated to preventing malicious code insertion.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is AWS Signer, and how does it ensure code integrity?
Open an interactive chat with Bash
How does cryptographic signing differ from vulnerability scanning?
Open an interactive chat with Bash
What role does code provenance play in preventing malicious code insertion?
Open an interactive chat with Bash
ISC2 Systems Security Certified Practitioner (SSCP)
Systems and Application Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .