
SY0-601 Exam - Question 530


A backdoor was detected on the containerized application environment. The investigation detected that a zero-day vulnerability was introduced when the latest container image version was downloaded from a public registry. Which of the following is the best solution to prevent this type of incident from occurring again?

Correct Answer: A

Enforcing the use of a controlled trusted source of container images is the best solution to prevent incidents like the one described. By ensuring that the container images come from a trusted source, such as a private container registry that scans for vulnerabilities and is managed by the organization, the risk of introducing zero-day vulnerabilities or other malicious code from public registries is minimized. This approach helps to maintain the integrity and security of the images, reducing the likelihood of similar incidents occurring in the future.

Discussion

15 comments
ApplebeesWaiter1122 Option: A
Jul 28, 2023

Enforcing the use of a controlled and trusted source of container images is the best solution to prevent incidents like the one described. When using containerized applications, it is crucial to ensure that the container images come from trusted sources, such as a private container registry, where the images are scanned for vulnerabilities and controlled by the organization. This way, the risk of downloading images with zero-day vulnerabilities or other malicious code from public registries is minimized.

BD69
Mar 30, 2024

Won't help for Zero-Day attacks.

sheyshey Option: C
Jul 6, 2023

Should be C

ccnaexam28
Jul 13, 2023

How does a vulnerability scan help with a zero-day though? Zero-day means it's unknown, and it won't be detected in the scan, right?

mtnews
Jul 15, 2023

Yes, you are correct. Scans won't detect a zero-day attack.

david124
Jan 15, 2024

That's impossible to work because no scanner on earth can detect a zero-day.

BD69
Mar 30, 2024

A good IPS using heuristics, baselines and AI can be extremely effective on a Zero-Day attack. How would you define a vulnerability scan for a zero-day? How would a trusted source be able to do this? Answer should be B

sander22 Option: A
Jul 15, 2023

A verified trusted source has already been reviewed/assessed and has had a vulnerability scan. Going with A.

Gamsje Option: A
Jul 18, 2023

A zero-day vulnerability cannot be detected by a vulnerability scan. C is not correct. I choose A.

BD69
Mar 30, 2024

A good IPS would detect a Zero-Day attack, if using heuristics, baselines, and AI, right?

lilcheesecake Option: B
May 2, 2024

You want to prevent this from happening again, not minimize the risk. You can't protect against zero-day vulnerabilities, so the only way is to install an IPS to detect and prevent malicious code.

JasonMunoz
Jul 12, 2024

How would the IPS know if a zero-day attack was happening? The IPS uses established signatures of known exploits. And we all know zero-day attacks are UNKNOWN.

Irfaans91 Option: C
Jul 16, 2023

chatgpt: C. Define a vulnerability scan to assess container images before being introduced into the environment. By implementing a vulnerability scanning process for container images, the organization can identify and assess any potential security vulnerabilities or weaknesses before deploying them into the environment. This allows for proactive detection and mitigation of known vulnerabilities, reducing the risk of introducing a zero-day vulnerability or other security issues. Enforcing the use of a controlled trusted source of container images (option A) is also important to ensure the integrity and security of the images, but it may not be sufficient on its own to prevent zero-day vulnerabilities. Deploying an IPS solution (option B) capable of detecting signatures of attacks targeting containers can provide additional security measures, but it may not be effective against zero-day vulnerabilities. Creating a dedicated VPC (option D) can enhance isolation and segmentation but does not directly address the issue of vulnerability detection in container images.

mtnews Option: A
Jul 25, 2023

Going with A here

cyberPunk28 Option: A
Dec 15, 2023

A. Enforce the use of a controlled trusted source of container images.

Ga2024 Option: A
Mar 4, 2024

Those for A should bear in mind that not all applications from trusted sources are necessarily vulnerability-free. While obtaining applications from reputable or trusted sources can reduce the risk of encountering malicious software or intentionally harmful applications, it does not guarantee that the applications themselves are free from vulnerabilities.

BD69
Mar 30, 2024

Not for Zero-Day attacks!

BD69 Option: B
Mar 30, 2024

Normally, I would select A as the answer; however, the mention of "Zero-Day" means that any trusted source would not have a defense against the vulnerability! C wouldn't really work, either, since, as above, it's a "Zero-Day" problem - how can you define a scan for something you have no info on? D won't work, either. If you have an IPS solution that works with heuristics and/or AI, you can detect Zero-Day attacks and prevent them.

MortG7 Option: A
Apr 5, 2024

For whoever selected C... two hyphenated words, "zero-day". Answer is A.

Dapsie Option: A
Jun 15, 2024

I am voting for option A.

shuny Option: D
Jul 3, 2024

I personally think A-C won’t help against a zero day. D. At least it is segmented more from the network & less likely for threat actors to leverage any vulnerabilities they can find.

jkalfo Option: C
Jul 5, 2024

This is such a weird question. Just because you get it from a trusted source doesn't mean it won't have zero-day vulnerabilities. It says prevent, that won't prevent because you won't know, the point of a zero-day attack is that nobody knows until it happens?

Dapsie Option: B
Jul 6, 2024

For those choosing B, how does a zero-day attack have a known signature??