An organization is deploying a container that requires additional privileges for certain kernel-level tasks. The security team wants to avoid granting overly broad permissions. Which approach best addresses the need for advanced functionality while managing risk?
Assign the needed capabilities beyond the default user context
Use host networking mode to minimize networking configuration complexity
Configure the container to run with the necessary privileges for kernel-level tasks
Adjust protection measures to include manual checks when necessary
Allowing only the precise capabilities required by a limited user can handle advanced tasks and reduce the blast radius if something goes wrong. Granting broad permissions to a privileged container or substituting layered security with manual strategies leaves the environment more exposed, and altering the networking mode alone does not help reduce excessive permissions.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are Linux capabilities and how do they relate to container security?
Open an interactive chat with Bash
How does reducing permissions mitigate the risk in containerized environments?
Open an interactive chat with Bash
What is the difference between privileged containers and fine-grained capabilities?
Open an interactive chat with Bash
CompTIA Cloud+ CV0-004
Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access