Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location PL
Mob_nav_barsMENU

Eccouncil Exam 312-38 Topic 4 Question 97 Discussion

Actual exam question for Eccouncil's 312-38 exam
Question #: 97
Topic #: 4
[All 312-38 Questions]

John is a senior network security administrator working at a multinational company. He wants to block specific syscalls from being used by container binaries. Which Linux kernel feature restricts actions

within the container?

Show Suggested Answer Hide Answer
Suggested Answer: A

The topology that the network designer will propose is known as a screened subnet. This topology involves the use of two or more firewalls to create a network segment referred to as a demilitarized zone (DMZ). The DMZ acts as a buffer zone between the public internet and the internal network. It contains the public-facing servers, such as the web portal mentioned, which is isolated from the internal network for added security. The screened subnet topology typically includes a firewall at the network's edge connected to the internet, another firewall separating the DMZ from the internal network, and the DMZ itself. This setup allows for strict control of traffic between the internet, the DMZ, and the internal network, providing an additional layer of security.


by Wava at Oct 22, 2024, 05:42 AM

Limited Time Offer

25%

Off

Get Premium 312-38 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Kristine
2 days ago
Hmm, Cgroups are great for resource management, but I don't think they're the right tool for blocking specific syscalls. I'd go with Seccomp on this one.
upvoted 0 times
...
Nicolette
8 days ago
Seccomp sounds like the way to go here. I remember reading about how it can restrict system calls in a container. Seems like the best choice for John's needs.
upvoted 0 times
...
Mona
12 days ago
I'm not sure, but I think Cgroups could also be a possible answer.
upvoted 0 times
...
Francoise
14 days ago
I agree with Olene, Seccomp restricts actions within the container.
upvoted 0 times
...
Olene
16 days ago
I think the answer is C) Seccomp.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77