Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location PL
Mob_nav_barsMENU

Linux Foundation Exam CKS Topic 1 Question 38 Discussion

Actual exam question for Linux Foundation's CKS exam
Question #: 38
Topic #: 1
[All CKS Questions]

Analyze and edit the given Dockerfile

FROM ubuntu:latest

RUN apt-get update -y

RUN apt-install nginx -y

COPY entrypoint.sh /

ENTRYPOINT ["/entrypoint.sh"]

USER ROOT

Fixing two instructions present in the file being prominent security best practice issues

Analyze and edit the deployment manifest file

apiVersion: v1

kind: Pod

metadata:

name: security-context-demo-2

spec:

securityContext:

runAsUser: 1000

containers:

- name: sec-ctx-demo-2

image: gcr.io/google-samples/node-hello:1.0

securityContext:

runAsUser: 0

privileged: True

allowPrivilegeEscalation: false

Fixing two fields present in the file being prominent security best practice issues

Don't add or remove configuration settings; only modify the existing configuration settings

Whenever you need an unprivileged user for any of the tasks, use user test-user with the user id 5487

Show Suggested Answer Hide Answer
Suggested Answer: A

by Marjory at Jul 06, 2023, 12:12 PM

Limited Time Offer

25%

Off

Get Premium CKS Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Dianne
2 hours ago
The deployment manifest file has some security issues. The 'runAsUser: 0' and 'privileged: True' fields give the container root privileges, which is not recommended for security reasons.
upvoted 0 times
...
Nathalie
12 days ago
I modified the Dockerfile to use debian:latest and added htop installation for better security.
upvoted 0 times
...
Felicidad
12 days ago
The first Dockerfile instruction has a typo in 'apt-install' instead of 'apt-get install'. Also, the 'USER ROOT' instruction is a security risk, it's better to run the container as a non-root user.
upvoted 0 times
...
Lisha
13 days ago
I agree, it required careful analysis and editing to fix the security issues.
upvoted 0 times
...
Nathalie
14 days ago
I found the Dockerfile and deployment manifest file question tricky.
upvoted 0 times
...
Carmela
18 days ago
I believe modifying the deployment manifest file is also crucial for security. We need to fix those fields.
upvoted 0 times
...
Edda
19 days ago
I agree, we should analyze and edit the Dockerfile to ensure best security practices.
upvoted 0 times
...
Augustine
27 days ago
I think the Dockerfile needs to be edited to fix security issues.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77