CV0-004 Question #219: Real Exam Question with Answer & Explanation
The correct answer is A: Adding the USER myappuser instruction.
Question
A security engineer identifies a vulnerability in a containerized application. The vulnerability can be exploited by a privileged process to read the content of the host's memory. The security engineer reviews the following Dockerfile to determine a solution to mitigate similar exploits: Which of the following is the best solution to prevent similar exploits by privileged processes?
Options
- A. Adding the USER myappuser instruction
- B. Patching the host running the Docker daemon
- C. Changing FROM alpine:3.17 to FROM alpine:latest
- D. Running the container with the read-only filesystem configuration
Explanation
Adding the "USER myappuser" instruction to the Dockerfile is the best solution to prevent similar exploits by privileged processes. This instruction ensures that the container runs as a non-privileged user instead of the root user, significantly reducing the risk of privileged exploits. Running containers according to the principle of least privilege minimizes the potential impact of vulnerabilities, enhancing the overall security posture of the containerized environment.