Boost your DevOps skills with the ITGSS Certified DevOps Engineer Test. Use flashcards and multiple choice questions with hints and explanations. Be exam-ready!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!


Which feature can prevent attacks that rely on modifying the file system in containers?

  1. Read-only root file systems

  2. Write permissions

  3. Security audits

  4. Container orchestration tools

The correct answer is: Read-only root file systems

Read-only root file systems are a fundamental security feature in containerization that helps mitigate risks associated with file system modifications within containers. By configuring the root file system of a container as read-only, you effectively restrict any unauthorized changes to the file system during the container's runtime. This is particularly important for preventing attacks that seek to exploit vulnerabilities by altering files, injecting malicious code, or otherwise compromising the integrity of the container environment.

When a file system is set as read-only, any attempt to write to that file system—whether it’s from an application running in the container or from an external actor attempting to exploit the container—is blocked. This not only protects critical system files and application binaries but also helps maintain the expected behavior of the containerized application, ensuring that it runs in a consistent and secure manner.

Other features, like security audits, are useful for monitoring compliance and detecting anomalies, but they do not actively prevent attacks on the file system itself. Similarly, write permissions provide the capability to modify file systems, which could increase the attack surface instead of reducing it. Container orchestration tools can manage container lifecycles and deploy them securely, but on their own, they do not inherently enforce file system protections. Thus, utilizing read-only root file systems is