Question 21
Domain 6: Monitoring, Logging and Runtime Security
A security engineer wants to deploy an eBPF-based tool to observe syscall, process, and file activity on hosts and containers for runtime threat detection. Which pair of tools directly fits this requirement?
Correct answer: A
Explanation
Tracee and Tetragon are eBPF-based runtime security and observability tools used to monitor low-level system behavior such as syscalls, processes, and file activity. — cks_syllabus.txt
Why each option is right or wrong
A. Tracee and Tetragon
The source material explicitly identifies Tracee and Tetragon as the eBPF-based tools relevant to this runtime security topic, matching the requirement to monitor low-level activity.
B. Tracee and Falco
Only Tracee and Tetragon are identified here as the eBPF-based tools for this topic.
C. Tetragon and Prometheus
Prometheus is not identified here as one of the eBPF-based tools in this topic.
D. Kubescape and Tetragon
Kubescape is not listed here as one of the eBPF-based tools for this runtime monitoring topic.