Knowledge check

1.

Which component of Microsoft Defender for Containers collects runtime data from Azure Kubernetes Service (AKS) nodes using eBPF technology?

Defender sensor DaemonSet

Azure Policy for Kubernetes add-on

Kubernetes API access

Agentless scanning for machines

2.

When you enable the Defender for Containers plan in Microsoft Defender for Cloud, which two components are autoprovisioned to AKS clusters by default?

Defender sensor and agentless scanning for machines

Defender sensor and Azure Policy for Kubernetes add-on

Registry access and Kubernetes API access

Azure Policy for Kubernetes add-on and Kubernetes API access

3.

What is the key difference between push-triggered scanning and runtime container scanning in Defender for Containers?

Push-triggered scanning uses the Defender sensor; runtime scanning uses agentless discovery.

Push-triggered scanning runs daily; runtime scanning runs only when an image is pushed.

Push-triggered scanning applies only to Linux images; runtime scanning covers both Linux and Windows.

Push-triggered scanning evaluates images stored in ACR; runtime scanning evaluates images currently running in AKS clusters.

4.

What does binary drift detection identify in a running container?

Containers that are running with root user privileges

Container images in ACR that have CVEs above a defined severity threshold

Executables running inside a container that weren't present in the original container image

Kubernetes API calls made from unusual source IP addresses

5.

Which component of the Defender for Containers plan blocks noncompliant workloads from being deployed to an AKS cluster before they reach the cluster?

Azure Policy for Kubernetes add-on

Defender sensor DaemonSet

Agentless scanning for machines

Kubernetes API access

Check your knowledge

Feedback