Question 19
Domain 5: Supply Chain Security
An organization wants to use a commercial tool to scan container images for known vulnerabilities as part of its supply chain security program. Which option identifies tools specifically listed for this purpose in the source material?
Correct answer: B
Explanation
For commercial image vulnerability scanning, identify the tools explicitly named in the material rather than substituting other security products or open-source scanners. — cks_syllabus.txt
Why each option is right or wrong
A. Falco and TUF
The material names Snyk and Anchore Enterprise for commercial scanning.
B. Snyk and Anchore Enterprise
The source material for Task Statement 5.4 explicitly lists Snyk and Anchore Enterprise under commercial scanning for images with known vulnerabilities, so this pair matches the stated tools exactly.
C. Trivy and Clair
The material names Snyk and Anchore Enterprise for commercial scanning.
D. Notary and Cosign
The material names Snyk and Anchore Enterprise for commercial scanning.