Exam CS0-002 topic 1 question 367 discussion

https://www.examtopics.com/discussions/comptia/view/54001-exam-cs0-002-topic-1-question-189-discussion/

Dion says you dont need these for containers. So there is no reason there should be Root privilege's. forget root there shouldn't even be an admin user. ▪No patching ▪ No administration ▪ No file system monitoring Even if i didnt read dions note i still would pick B because least privilege enforcement is breached.

Answer A An example of a container-specific IOCs might include unauthorized container image changes: Modifications or updates to container images without proper authorization or outside of the usual update cycle. Running a container as the root user is not necessarily an Indicator of Compromise (IOC) on its own, but it can be considered a security best practice to avoid running containers with elevated privileges whenever possible.

Sorry Answer B

Answer A

https://www.examtopics.com/discussions/comptia/view/54001-exam-cs0-002-topic-1-question-189-discussion/

Running a container with root privileges means that the container has access to the entire host system and can perform any operation. This is a major security risk because if the container is compromised, the attacker would also have access to the entire host system. It is recommended that containers are run with the least amount of privilege necessary to perform their functions. Options A, C, and D are not necessarily indicators of compromise. A container drifting from an approved software image means that the container has been modified, but this modification may be intentional. A container that stops responding or fails to start may simply be experiencing technical issues and not necessarily a result of a compromise. -ChatGPT