Azure Defender Container Registries Image Scanning

When Does Azure Defender Scan a Container Registries Image?

Question

You are a SOC Analyst working at a company which is in the process of deploying cloud workload protection with Azure Defender.

You are the SOC team member working with the application and infrastructure teams architecting the resource architecture for the new web application that uses containers and Azure SQL.

You are accountable for making sure the workloads are secure with Azure Defender and for offering options for non-protected workloads.

When does Azure Defender scan a Container Registries image?

Answers

Explanations

A. B. C. D.

Correct Answer: A.

Option A is correct.

Azure Defender for container registries also scans any image that has been pulled within the last 30 days.

Options B and C are incorrect. Scheduled scans are not an option.

Option D is incorrect, as we can scan the registries which were pulled within the last 30 days.

Reference:

Azure Defender for Container Registries is a feature of Azure Security Center that provides security recommendations and threat protection for container images stored in Azure Container Registry. This feature scans container images for known vulnerabilities and threats, and provides recommendations to help mitigate risks.

By default, Azure Defender scans container images in Azure Container Registry nightly. This means that every image in the container registry is scanned at least once a day. However, you can also configure the scanning schedule to scan images as they are added to the registry or on a weekly basis.

Therefore, the correct answer to the question is C. Nightly. Azure Defender scans the container image nightly by default, but this can be configured to meet specific workload requirements.