Exam 312-50v10 topic 1 question 291 discussion

A. Host OS on containers has a larger surface attack. They share host OS, allowing attackers to exploit vulnerabilities in one container to attack others or the host system. Virtual machines provide more isolation, making it harder for attackers to directly target the host. However, with proper configuration and management, containers can still achieve a high level of security. Security measures include limiting container privileges and applying security practices.

The answer is A. Container is usually lighter than VM, so if the attacker makes container to starvation, VM is also too.

A Virtual Machine is an entire “sandboxed” operating system. A container is a “sandboxed” application, but all the containers run on the same host OS. A single compromised container could affect the host OS, which then would lead to compromise of the entire machine and all of its containers. A compromised VM, on the other hand, would only affect that one VM and not affect the others.

All containers run on the same host, so: D. A compromise container may cause a CPU starvation of the host.

Answer is A. VM = Only app + VM. Containers = App + Containers + Orchestration tools + VM

A Virtual Machine is an entire “sandboxed” operating system. A container is a “sandboxed”application, but all the containers run on the same host OS. A single compromised containercould affect the host OS, which then would lead to compromise of the entire machine and all ofits containers. A compromised VM, on the other hand, would only affect that one VM and notaffect the others.

A. is correct A. Host OS on containers has a larger surface attack.