A penetration tester is evaluating the security posture of an organization's new containerized application, which is hosted in a public cloud environment. The tester wants to determine if the organization is effectively monitoring for anomalous activity. Which of the following methods represents the most robust and integrated approach to security monitoring?
Configuring container logs to be periodically exported to a cloud storage bucket for long-term compliance archiving.
Deploying an open-source monitoring agent on each host to forward logs to a central, self-managed analysis server.
Running a daily script to query performance metrics and alert on values that exceed predefined static thresholds.
Utilizing the cloud platform's native security services to automatically ingest and analyze telemetry from the containers.
Using the cloud provider's native security services and dashboards is the most robust method, as these tools are deeply integrated with the platform, are continuously updated by the provider, and often use machine learning for real-time anomaly detection. Deploying open-source agents adds management overhead and may not achieve the same level of seamless integration as native tools. Relying on daily scripts with static thresholds is a weak, non-adaptive form of monitoring that can easily miss sophisticated attacks. Storing logs for compliance is an important but separate function from real-time threat detection.