Which of the following statements BEST explains why containerization cannot fully prevent a compromise in one container from affecting other containers that run on the same host?
Containers run their own independent kernels, so a vulnerability in one kernel can be exploited to compromise others.
Containers always run with unrestricted network access to every other container on the host, regardless of configuration.
Containers require hardware virtualization extensions that allow direct memory access between containers.
Containers share the host operating-system kernel, so a kernel-level exploit can allow code to escape one container and access others.
Containers share the host's operating-system kernel. If an attacker exploits a kernel-level vulnerability or misconfiguration, the attacker's code can escape the original container's namespace and interact with the host or other containers. Virtual machines, by contrast, have their own separate kernels, so a compromise stays isolated inside that VM.