AZ-400 Develop security and compliance plan

Your team must scan container images in CI. Which Azure option fits best?

Multiple choice — select one answer

Answer choices

  1. a. Latest tag only (not recommended for production workloads)
  2. b. Defender for Cloud container scanning
  3. c. No base updates (not recommended for production workloads)
  4. d. Microsoft Defender for Cloud

Architectural breakdown & explanation

Image scanning finds known vulnerabilities.

Correct answer(s): b. Defender for Cloud container scanning

Exam domain: Develop security and compliance plan (10% weight on the official guide).

Official documentation & study links

Practice this certification

This page is one question from the Microsoft Azure DevOps Engineer Expert bank. Run a full timed practice exam with domain-weighted random questions in your browser.