Q: 5
[Emerging Technologies and Threats]
A security engineer wants to reduce the attack surface of a public-facing containerized application
Which of the following will best reduce the application's privilege escalation attack surface?
Options
Discussion
A , D is tempting for network isolation but the real privilege escalation fix is making sure the app doesn't run as root. A does that, so that's what I'd pick. Seen similar trap on practice exams.
A tbh, seen similar in exam reports about Docker privilege issues.
Honestly sick of seeing these vague "best way" privilege escalation questions. Probably D, since network isolation plus a load balancer with ACLs stops lateral movement cold.
D makes the most sense to me for reducing privilege escalation. By isolating the container in a separate network and putting ACLs on the load balancer, external access is tightly controlled so attackers can't easily escalate out or reach other segments. Not 100% sure since I could see an argument for A, but D feels like the right approach here. Agree?
Its A, had something like this in a mock. Setting non-root user in the Dockerfile is key here.
A
A. not C. The trap is thinking remediation controls actually stop escalation, but reducing container privileges hits the root cause here.
Feels like this is same as a common exam questions. on a practice exam, pretty sure it's A. Limiting the container to a non-root user cuts down privilege escalation risk. Anyone see it differently?
Its A, running containers as non-root limits privilege escalation. Pretty standard hardening step for Docker. Anyone see a catch here?
Had something like this in a mock and the answer was A.
Be respectful. No spam.
