The security auditors need to ensure that given compliance checks are being run on the host.
Which option is a valid host compliance policy?
A . Ensure functions are not overly permissive.
B . Ensure host devices are not directly exposed to containers.
C . Ensure images are created with a non-root user.
D . Ensure compliant Docker daemon configuration.
Answer: D
Explanation:
The question focuses on valid host compliance policies within a cloud environment. Among the given options, the most relevant to host compliance is ensuring compliant Docker daemon configuration. Docker daemon configurations are critical for securing the host environment where containers are run. A compliant Docker daemon configuration involves setting security-related options to ensure the Docker engine operates securely. This can include configurations related to TLS for secure communication, logging levels, authorization plugins, and user namespace remapping for isolation.
Ensuring functions are not overly permissive (Option A) and ensuring images are created with a non-root user (Option C) are more directly related to the security best practices for serverless functions and container images, respectively, rather than host-specific compliance checks. Ensuring host devices are not directly exposed to containers (Option B) is also important for security, but it falls under the broader category of container runtime security rather than host-specific compliance.
Thus, the most valid host compliance policy from the given options is to ensure a compliant Docker daemon configuration, as it directly impacts the security posture of the host environment in a containerized infrastructure. This aligns with best practices for securing Docker environments and is a common recommendation in container security guidelines, including those from Docker and cybersecurity frameworks.
Reference: Docker Documentation: Security configuration and best practices for Docker engine:
https://docs.docker.com/engine/security/
CIS Docker Benchmark: Providing consensus-based best practices for securing Docker environments:
https://www.cisecurity.org/benchmark/docker/
Latest PCCSE Dumps Valid Version with 85 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund