Which of the following is the best solution to prevent similar exploits by privileged processes?

A security engineer Identifies a vulnerability m a containerized application. The vulnerability can be exploited by a privileged process to read tie content of the host’s memory.

The security engineer reviews the following Dockerfile to determine a solution to mitigate similar exploits:

Which of the following is the best solution to prevent similar exploits by privileged processes?
A . Adding the USER myappuserinstruction
B . Patching the host running the Docker daemon
C . Changing FROM alpiner3.17 to FROM alpine:latest
D . Running the container with the ready-only filesystem configuration

View Answer

Answer: A

Explanation:

Adding the "USER myappuser" instruction to the Dockerfile is the best solution to prevent similar exploits by privileged processes. This instruction ensures that the container runs as a non-privileged user instead of the root user, significantly reducing the risk of privileged exploits. Running containers with least privilege principles minimizes the potential impact of vulnerabilities, enhancing the overall security posture of the containerized environment.

Reference: The CompTIA Cloud+ framework includes security concerns, measures, and concepts for cloud operations, highlighting the importance of container security practices, such as running containers as non-root users to prevent unauthorized access and exploitation.