ExamTopics Logo
Mail Us[email protected]
Menu
Cisco Discussions
exam questions

Exam 300-910 All Questions

View all questions & answers for the 300-910 exam
Go to Exam

Exam 300-910 topic 1 question 14 discussion

Actual exam question from Cisco's 300-910
Question #: 14
Topic #: 1
[All 300-910 Questions]

Which two actions help limit the attack surface of your Docker container? (Choose two.)

  • A. Run only a single service in each container.
  • B. Run all services in a single image.
  • C. Use version tags for base images and dependencies.
  • D. Use Kali Linux as a base image.
  • E. Download images over HTTPS supporting sites.
Show Suggested Answer Hide Answer
Suggested Answer: AE 🗳️
by JM_Lee at Dec. 9, 2020, 7:17 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
JM_Lee
Highly Voted 2 years, 4 months ago
As I think, "A" & "C" is the best.
upvoted 9 times
...
wxz62645
Most Recent 4 months ago
Selected Answer: AE
Guys, ofc it's E. Never download anything from non-HTTPS sites, even containers. Come on... you can not even be sure it's a legitimate site if it's not-HTTPS.
upvoted 1 times
...
bluesky2022
9 months ago
Selected Answer: AE
The answer C is definitely wrong. A tag is a label and it doesn't help secure the container / app in any way. It's about the application security and secure file transfers of the application package. A and E
upvoted 3 times
bpbenabd
5 months, 3 weeks ago
it is not about the application security but it is about limiting of the attack surface, so i think A and C
upvoted 1 times
...
...
szyszka
1 year, 9 months ago
A and C i guess, E will is not required as Images have their checksusm verified? https://snyk.io/blog/10-docker-image-security-best-practices/
upvoted 1 times
...
MrBlack
1 year, 11 months ago
I think A and E are correct. Attack surface refers to the "points of entry" that are vulnerable in an application. For A, limiting the amount of services to 1 in a container limits the reach of an attacker in the application. For E, you ensure the data integrity of the image when using HTTPS (TLS encryption).
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago