Free CrowdStrike CCCS-203b Actual Exam Questions - Question 1 Discussion
actionable recommendation?
A/C? Disabling unused admission controllers is a good security move but feels more like cluster hardening than an image-specific fix. Updating images (C) directly addresses what the scan highlights.
Maybe C makes the most sense since after scanning, the logical step is to patch those critical vulnerabilities in the images rather than changing cluster settings.
B imo, applying pod security policies is a concrete step to restrict risky container behaviors after assessing images, especially if privileged containers are detected. It’s more immediate than limiting pods or messing with admission controllers.
C, patching vulnerabilities is the main purpose of image assessments.
Guessing C since image assessments mainly flag vulnerabilities to patch in the containers.
Actually, I think A makes sense too since image assessments often flag components or features included in the container that aren’t needed and could pose risks. Disabling unused admission controllers can tighten security based on what the image reveals about what's running. B and D seem more like cluster or runtime policies, not really image-level fixes. So while C is a solid choice, don’t overlook A as an actionable step derived from analyzing the image content itself.
Good points on C being about fixing vulnerabilities inside the image. I’d add that B seems more about runtime security policies, not something an image scan would recommend directly. So going with C feels right since updating images matches what an image assessment targets.
A imo, since disabling unused admission controllers reduces attack surface highlighted by image scans.
It’s C because image assessments focus on vulnerabilities inside the container itself, so updating images is the most direct fix. Config stuff like pod security policies usually comes from other scans.
Option C feels like the right pick here because image assessments mainly focus on scanning for vulnerabilities inside the container image itself. Things like disabling admission controllers or pod security policies are more about cluster configuration and runtime security, which usually get handled separately. So, the actionable recommendation right after an image assessment would logically be updating the images to patch any critical issues found.
I think the answer is C. Updating container images to fix critical vulnerabilities makes the most sense after an image assessment since that's what the scan would identify. The other options seem more about runtime or cluster config.