🔥 3-day streak
CompTIA SecurityX (CAS-005)12 / 120
Question 12 of 120

A DevSecOps team runs a Kubernetes platform where developers can push arbitrary images to the cluster's namespaces. Recent incident review found a workload running an unsigned image pulled from an untrusted public registry that contained a cryptominer. The team already signs internal images using Cosign and stores public keys in a trusted store. Which control most directly prevents unsigned or untrusted images from being deployed to the cluster going forward?

Reviewed for accuracy · Report an issueNext question