Your company is planning to deploy a new web application using containerized microservices. The security team is tasked with recommending a practice to enhance the security of the containers. Which of the following practices should be implemented to prevent the containers from running with elevated privileges, which could be exploited if an application vulnerability is identified?
Increase the logging level for all containers to debug mode
Allow containers to run with default privileges for ease of deployment
Implement least privilege containers
Use a single container image for multiple applications to simplify management
The correct answer is 'Implement least privilege containers'. It is a best practice to run containers with the least privileges necessary for the application to function. This reduces the potential impact if the container is compromised. Running containers as a non-root user is a key aspect of this, as it limits the level of access that can be gained by an attacker exploiting a vulnerability within a container. The other options presented are either not directly related to the problem of elevated privileges within containers or reflect less optimal practices.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are least privilege containers?
Open an interactive chat with Bash
Why is running containers as non-root important?
Open an interactive chat with Bash
What are the other security best practices for containerized microservices?