AWS Certified Security – Specialty — Question 129
Developers in an organization have moved from a standard application deployment to containers. The Security Engineer is tasked with ensuring that containers are secure.
Which strategies will reduce the attack surface and enhance the security of the containers? (Choose two.)
Answer options
- A. Use the containers to automate security deployments.
- B. Limit resource consumption (CPU, memory), networking connections, ports, and unnecessary container libraries.
- C. Segregate containers by host, function, and data classification.
- D. Use Docker Notary framework to sign task definitions.
- E. Enable container breakout at the host kernel.
Correct answer: B, C
Explanation
Options B and C are correct: limiting resource consumption, network connections, ports, and unnecessary libraries (B) and segregating containers by host, function, and data classification (C) both reduce potential attack vectors and enhance security. Option A does not directly address container security. Option D, although useful for signing, does not significantly reduce the attack surface. Option E actually increases risk, because a container breakout lets a container escape its isolation and reach the host kernel, which is not a security enhancement.