Implementing DevOps Solutions and Practices Using Cisco Platforms (DEVOPS) — Question 12

Which two actions help limit the attack surface of your Docker container? (Choose two.)

Answer options

• A. Run only a single service in each container.
• B. Run all services in a single image.
• C. Use version tags for base images and dependencies.
• D. Use Kali Linux as a base image.
• E. Download images over HTTPS supporting sites.

Correct answer: A, E

Explanation

Running only a single service in each container (A) minimizes complexity and potential vulnerabilities by isolating services. Downloading images over HTTPS supporting sites (E) ensures that the images are retrieved securely, reducing the risk of man-in-the-middle attacks. The other options either increase the attack surface or do not provide significant security benefits.