A healthcare organization is redesigning its application infrastructure to use containerization for improved scalability and deployment efficiency. The security architect is concerned about potential vulnerabilities in the containerized environment. Which of the following represents the MOST effective security practice when implementing containerization?
Use the 'latest' tag for all production container images
Share the host kernel across all container environments to maximize efficiency
Run containers with root privileges to ensure application functionality
Implement automated container image scanning in the CI/CD pipeline
Container image scanning is the most effective security practice because it detects vulnerabilities, malicious code, and misconfigurations in container images before deployment. This proactive approach prevents vulnerable or compromised containers from entering the production environment.
Sharing the host kernel actually introduces security risks as containers have less isolation than virtual machines. Running containers as root violates the principle of least privilege and increases the attack surface. Using the latest tag for production images is risky because 'latest' is mutable and can lead to unpredictable deployments with potential security vulnerabilities.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is container image scanning and why is it important?
Open an interactive chat with Bash
What does the principle of least privilege entail in containerization?
Open an interactive chat with Bash
Why is it risky to use the 'latest' tag for production container images?
Open an interactive chat with Bash
ISC2 CISSP
Security Architecture and Engineering
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access