
Answer-first summary for fast verification
Answer: Package a single app as a container. Remove any unnecessary tools not needed by the app.
The question asks for two items to incorporate into building a secure container image. Based on container security best practices and the community consensus (with BC receiving 100% agreement and high upvotes):

- **B: Package a single app as a container** is optimal because it follows the principle of least functionality, reducing the attack surface by isolating applications.
- **C: Remove any unnecessary tools not needed by the app** is crucial for minimizing vulnerabilities, as extraneous software can introduce security risks.

Other options are less suitable:

- **A: Ensure that the app does not run as PID 1** is incorrect; Google's best practices state that running as PID 1 is acceptable if signal handlers are properly implemented, and it is not a primary security measure for image builds.
- **D: Use public container images as a base image** is risky due to potential vulnerabilities in public images; trusted or minimal base images are preferred.
- **E: Use many container image layers to hide sensitive information** is ineffective and against best practices, as layers are immutable and sensitive data may still be accessible in earlier layers.

Author: LeetQuiz Editorial Team
When building a secure container image, which two elements should you include in the build process whenever possible? (Choose two.)
- A. Ensure that the app does not run as PID 1.
- B. Package a single app as a container.
- C. Remove any unnecessary tools not needed by the app.
- D. Use public container images as a base image for the app.
- E. Use many container image layers to hide sensitive information.