Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location PL
Mob_nav_barsMENU

CompTIA Exam CV0-004 Topic 6 Question 23 Discussion

Actual exam question for CompTIA's CV0-004 exam
Question #: 23
Topic #: 6
[All CV0-004 Questions]

A security engineer Identifies a vulnerability m a containerized application. The vulnerability can be exploited by a privileged process to read tie content of the host's memory. The security engineer reviews the following Dockerfile to determine a solution to mitigate similar exploits:

Which of the following is the best solution to prevent similar exploits by privileged processes?

Show Suggested Answer Hide Answer
Suggested Answer: A

The output from the 'ps' command indicates there is a process running under the UID (User ID) of 0, which is the root user, and the command that was run is '/var/www/command.py'. Given that the normal Apache processes are running under their own UID (65535), this suggests that a command was executed with root privileges that typically should not have such high-level access. This is a strong indicator of privilege escalation, where an unauthorized user or process gains elevated access to resources that are normally protected from an application or user. Reference: CompTIA Cloud+ Certification Study Guide (Exam CV0-004) by Scott Wilson and Eric Vanderburg


by Erasmo at Sep 14, 2024, 11:10 AM

Limited Time Offer

25%

Off

Get Premium CV0-004 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Leatha
24 days ago
You know, I heard about this one guy who tried to hack a container by reading the host's memory. Bet he felt pretty silly when he realized the container was running with a read-only filesystem!
upvoted 0 times
...
Rasheeda
25 days ago
Ha! Trying to run as a different user? That's like putting a bandaid on a broken leg. Option D is definitely the way to go.
upvoted 0 times
...
Chau
1 months ago
Changing the base image might help, but it's not a complete solution. I agree with option D - the read-only filesystem should be the way to go.
upvoted 0 times
Inocencia
6 days ago
Patching the host running the Docker daemon might be a good idea as well to ensure overall security.
upvoted 0 times
...
Jose
17 days ago
I think adding the USER myappuserinstruction could also help limit the privileges of the containerized application.
upvoted 0 times
...
Annette
27 days ago
Option D is definitely the best choice. A read-only filesystem would prevent any unauthorized access to the host's memory.
upvoted 0 times
...
...
Marlon
1 months ago
Patching the host is a good idea, but it may not be enough to prevent similar exploits. I'd go with option D as well.
upvoted 0 times
Maryanne
17 days ago
I agree, running the container with a read-only filesystem configuration can help mitigate the vulnerability.
upvoted 0 times
...
Valda
22 days ago
Option D seems like the best solution to prevent similar exploits.
upvoted 0 times
...
...
Iraida
2 months ago
Hmm, the key seems to be limiting the privileges of the running container. I think option D is the best solution here.
upvoted 0 times
Casey
24 days ago
Changing the base image to the latest version might also address potential vulnerabilities.
upvoted 0 times
...
Reita
25 days ago
Patching the host running the Docker daemon could also help enhance security.
upvoted 0 times
...
Bernardo
1 months ago
I think running the container with a read-only filesystem is a good way to prevent exploits.
upvoted 0 times
...
Geraldine
1 months ago
I agree, limiting the privileges of the container is crucial.
upvoted 0 times
...
...
Karan
2 months ago
But wouldn't changing FROM alpine:3.17 to FROM alpine:latest also help prevent similar exploits?
upvoted 0 times
...
Corrina
2 months ago
I disagree, I believe patching the host running the Docker daemon is the best solution.
upvoted 0 times
...
Karan
2 months ago
I think the best solution is adding the USER myappuser instruction.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77