ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question

In a pre-deployment review of a public production Kubernetes cluster, you find four manifest settings: containers run as root; verbose debug logging is enabled; images use the "latest" tag; liveness probes are disabled. Which single setting presents the greatest production security risk and should be fixed first?

Containers are configured to run with root privileges
Container images are referenced using the "latest" tag instead of immutable hashes
Verbose debug logging is left enabled
Liveness probes are disabled for the application pods

Report Issue

Answer Description

Running application containers as the root user violates the principle of least privilege and dramatically enlarges the attack surface in production. If an attacker compromises the container, root privileges allow them to modify the host or other containers, escape the sandbox, and persist. While verbose logging or using the "latest" tag can cause information disclosure or version-drift issues, these generally expose less immediate impact than full root access. Disabling liveness probes affects availability, not direct security. Therefore, ensuring containers run as non-root users is the highest-priority security control for production deployments.

Ask Bash

Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.

Why is running containers as root a security risk in Kubernetes?

Open an interactive chat with Bash

What are some effective ways to configure Kubernetes pods to avoid running as root?

Open an interactive chat with Bash

How does the principle of least privilege improve Kubernetes cluster security?

Open an interactive chat with Bash

Why is running containers as root considered a major security risk?

Open an interactive chat with Bash

What is the 'principle of least privilege' and why is it important in container security?

Open an interactive chat with Bash

How can you ensure containers do not run as root in Kubernetes?

Open an interactive chat with Bash

ISC2 Certified Secure Software Lifecycle Professional (CSSLP)

Secure Software Deployment, Operations, Maintenance

Your Score:

Settings & Objectives

Secure Software Concepts

Secure Software Lifecycle Management

Secure Software Requirements

Secure Software Architecture and Design

Secure Software Implementation

Secure Software Testing

Secure Software Deployment, Operations, Maintenance

Secure Software Supply Chain

Random Mixed

Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.

Rotate by Objective

Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Hide Score

Check or uncheck an objective to set which questions you will receive.

Bash, the Crucial Exams Chat Bot

AI Bot