Practice free →
HomeAzure AZ-500cloudcomputingaz500compstoragedb › Which Azure feature should a security engineer u…

Which Azure feature should a security engineer use to enforce 'only signed container images from a trusted ACR repository can run on this AKS cluster'?

AAzure Policy + admission controllers (Gatekeeper) on AKS + ACR Content Trust + Microsoft Defender for Containers
BSharing kubeconfig publicly
CAllowing any image from any registry to run
DDisabling Kubernetes RBAC
Answer & Solution
Correct answer: A. Azure Policy + admission controllers (Gatekeeper) on AKS + ACR Content Trust + Microsoft Defender for Containers
Policy + admission controllers + ACR trust + Defender for Containers is the AKS image-trust stack (per AZ-500 §3 AKS security). The others are insecure.
Solve this in the app — Azure AZ-500 practice & 24k+ MCQs →
Related questions