CCCS-203B Question #309: Real Exam Question with Answer & Explanation
The correct answer is C. The image stores sensitive credentials in plaintext within environment variables.
Question
Options
- A. The image uses a base layer from a trusted container registry.
- B. The image includes a hardcoded list of known IP addresses for connecting to external services.
- C. The image stores sensitive credentials in plaintext within environment variables.
- D. The image does not specify a default entrypoint for the application.
Explanation
- Option A: Using base layers from trusted registries is a recommended practice to ensure that images are less likely to contain vulnerabilities. However, relying solely on trust without scanning the image could still pose a risk.
- Option B: Hardcoding IP addresses is not ideal for maintainability and flexibility but does not directly introduce security vulnerabilities unless the IPs point to malicious or insecure
- Option C: Storing sensitive credentials in plaintext within the image or environment variables creates a major security vulnerability. If the image is compromised, attackers can easily extract these credentials, enabling unauthorized access to systems or sensitive data. Best practices include using secret management tools like AWS Secrets Manager or HashiCorp Vault to handle sensitive information securely.
- Option D: While omitting a default entrypoint may cause runtime errors or operational inefficiencies, it does not inherently create a security risk. Correcting this is a functional improvement rather than a critical security fix.
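A static check for the issue in option C, as an added example that is not part of the original page: it scans a Dockerfile for `ENV`/`ARG` instructions that assign a literal value to a secret-looking key. The key-name pattern, the `_FILE` exemption and the sample Dockerfile are constructed assumptions.

```python
import re
import shlex

# Heuristic key-name pattern (assumed list, extend for your environment).
SECRET_NAME = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY|PRIVATE_?KEY|CREDENTIAL", re.I)

# Constructed sample Dockerfile; registry name and values are placeholders.
SAMPLE = """\
FROM registry.example.com/base/python:3.12
ENV APP_PORT=8080 \\
    DB_PASSWORD="example-not-a-real-password"
ENV API_TOKEN example-not-a-real-token
ARG BUILD_TOKEN
ENV DB_PASSWORD_FILE=/run/secrets/db_password
"""

def logical_lines(text):
    """Yield (first_line_number, instruction) with backslash continuations merged."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        start = start or n
        line = raw.rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, (buf + line).strip()
        buf, start = "", None

def env_pairs(args):
    """Split ENV/ARG arguments into (key, value) pairs, both syntaxes."""
    tokens = shlex.split(args)
    if tokens and "=" not in tokens[0]:        # legacy "ENV KEY value" or bare "ARG KEY"
        return [(tokens[0], " ".join(tokens[1:]))]
    return [tuple(t.split("=", 1)) for t in tokens if "=" in t]

def find_plaintext_secrets(dockerfile_text):
    """Return (line, instruction, key) findings; values are never echoed."""
    findings = []
    for n, line in logical_lines(dockerfile_text):
        m = re.match(r"(ENV|ARG)\s+(.*)", line, re.I)
        if not m:
            continue
        for key, value in env_pairs(m.group(2)):
            if key.upper().endswith("_FILE"):  # points at a mounted secret file
                continue
            # "$VAR" is a reference whose value this static check cannot see.
            if SECRET_NAME.search(key) and value and not value.startswith("$"):
                findings.append((n, m.group(1).upper(), key))
    return findings
```

Calling `find_plaintext_secrets(SAMPLE)` reports the key names and line numbers only, so the check's own output does not copy the credential into CI logs.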