CompTIA CASP+ (CAS-004) — Question 55
A security analyst is researching containerization concepts for an organization. The analyst is concerned about potential resource exhaustion scenarios on the
Docker host due to a single application that is overconsuming available resources.
Which of the following core Linux concepts BEST reflects the ability to limit resource allocation to containers?
Answer options
- A. Union filesystem overlay
- B. Cgroups
- C. Linux namespaces
- D. Device mapper
Correct answer: B
Explanation
Cgroups, or control groups, are a Linux kernel feature that allows for the limitation and prioritization of resource allocation to processes, including those within containers. This makes it the best choice for managing resource consumption. The other options, while related to containerization, do not directly address resource limiting: Union filesystem overlay pertains to file system management, Linux namespaces deal with process isolation, and Device mapper is related to storage management.