CS0-003 Domain 2: Vulnerability Management

Which container scan checks image layers for CVEs?

Multiple choice — select one answer

Answer choices

  1. a. CI registry image scanning
  2. b. Open critical count over time
  3. c. Exploitability subscore / EPSS context
  4. d. Follow change control and monitor metrics

Architectural breakdown & explanation

Image scans catch vulnerable packages early.

Correct answer(s): a. CI registry image scanning

Exam domain: Domain 2: Vulnerability Management (30% weight on the official guide).

Official documentation & study links

Practice this certification

This page is one question from the CompTIA CySA+ bank. Run a full timed practice exam with domain-weighted random questions in your browser.