Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Linux Foundation CKS Exam - Topic 1 Question 38 Discussion

Actual exam question for Linux Foundation's CKS exam
Question #: 38
Topic #: 1
[All CKS Questions]

Analyze and edit the given Dockerfile

FROM ubuntu:latest

RUN apt-get update -y

RUN apt-install nginx -y

COPY entrypoint.sh /

ENTRYPOINT ["/entrypoint.sh"]

USER ROOT

Fixing two instructions present in the file being prominent security best practice issues

Analyze and edit the deployment manifest file

apiVersion: v1

kind: Pod

metadata:

name: security-context-demo-2

spec:

securityContext:

runAsUser: 1000

containers:

- name: sec-ctx-demo-2

image: gcr.io/google-samples/node-hello:1.0

securityContext:

runAsUser: 0

privileged: True

allowPrivilegeEscalation: false

Fixing two fields present in the file being prominent security best practice issues

Don't add or remove configuration settings; only modify the existing configuration settings

Whenever you need an unprivileged user for any of the tasks, use user test-user with the user id 5487

Show Suggested Answer Hide Answer
Suggested Answer: A

by Marjory at Jul 06, 2023, 12:12 PM

Limited Time Offer

25%

Off

Get Premium CKS Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Jamal
4 months ago
Is it really necessary to use a specific user ID like 5487? Sounds odd.
upvoted 0 times
...
Denny
4 months ago
I think the `privileged: True` setting is a huge red flag.
upvoted 0 times
...
Orville
5 months ago
Wait, why is `runAsUser` set to 0 in the manifest? That's risky!
upvoted 0 times
...
Blondell
5 months ago
Totally agree, using `USER ROOT` is a bad practice!
upvoted 0 times
...
Hillary
5 months ago
The Dockerfile should use `apt-get install` instead of `apt-install`.
upvoted 0 times
...
Aileen
5 months ago
I think I’ve seen similar questions where we had to adjust security contexts, but I’m not clear on whether I should keep allowPrivilegeEscalation as false or change it based on the user ID.
upvoted 0 times
...
Reita
5 months ago
For the Kubernetes manifest, I recall we practiced changing the runAsUser to a non-zero value, but I’m not sure if I should set it to 5487 directly or just remove the privileged setting.
upvoted 0 times
...
Earleen
6 months ago
I’m a bit unsure about the apt-install command; I think it should be apt-get install instead. It seems like a common mistake in practice questions.
upvoted 0 times
...
Veronika
6 months ago
I remember we discussed the importance of using a non-root user in Dockerfiles to enhance security, so I think I need to change the USER ROOT line.
upvoted 0 times
...
Lasandra
6 months ago
Hmm, this seems like a tricky one. I know Tanzu Kubernetes Grid Service supports some CNI plugins, but I'm not totally sure which ones. I'll have to review my notes on that.
upvoted 0 times
...
Nell
6 months ago
Okay, let me think this through. The cases need to be organized by status, with Escalated first, then Active, then Closed. I'm pretty sure the States with conditions to filter by case status option is the way to go here.
upvoted 0 times
...
Bette
10 months ago
Well, well, well, looks like someone's got a penchant for playing with fire! 'apt-install' and 'USER ROOT'? Might as well just hand the keys to the kingdom over to the container and call it a day. And the deployment file? Privilege escalation and root access? Might as well just throw the whole server out the window and start over!
upvoted 0 times
Eladia
9 months ago
User 4: Definitely, those need to be fixed asap before any serious security breaches occur.
upvoted 0 times
...
Tuyet
10 months ago
User 3: And in the deployment manifest file, privilege escalation and root access? That's a disaster waiting to happen.
upvoted 0 times
...
Telma
10 months ago
User 2: I know, those are big no-nos. It's like giving full control to the container.
upvoted 0 times
...
Frederic
10 months ago
User 1: Yikes, 'apt-install' and 'USER ROOT' in the Dockerfile? That's a major security risk.
upvoted 0 times
...
...
Kindra
10 months ago
The Dockerfile needs to be fixed by correcting the 'apt-install' instruction and removing the 'USER ROOT' line. In the deployment manifest, the 'runAsUser: 0' and 'privileged: True' fields should be changed to use a non-root user for better security.
upvoted 0 times
Rusty
9 months ago
In the deployment manifest, we need to update 'runAsUser: 0' to use a non-root user.
upvoted 0 times
...
Kasandra
9 months ago
We should also remove the 'USER ROOT' line for security reasons.
upvoted 0 times
...
Hildegarde
10 months ago
Let's change 'apt-install' to 'apt-get install' in the Dockerfile.
upvoted 0 times
...
...
Allene
11 months ago
Haha, the Dockerfile is a real mess! 'apt-install'? Really? And running as root? Might as well just give the container the keys to the kingdom! As for the deployment file, oh boy, privilege escalation and root access? Might as well just hand over the entire server to the container!
upvoted 0 times
Chauncey
10 months ago
User 3: I agree, running as an unprivileged user with a specific user id is a much better approach.
upvoted 0 times
...
Mohammad
10 months ago
User 2: Absolutely, security best practices are essential. And that deployment manifest file is a disaster too.
upvoted 0 times
...
Helaine
10 months ago
User 1: Yeah, that Dockerfile needs some serious fixing. Running as root is a big no-no.
upvoted 0 times
...
...
Dianne
11 months ago
The deployment manifest file has some security issues. The 'runAsUser: 0' and 'privileged: True' fields give the container root privileges, which is not recommended for security reasons.
upvoted 0 times
...
Nathalie
11 months ago
I modified the Dockerfile to use debian:latest and added htop installation for better security.
upvoted 0 times
...
Felicidad
11 months ago
The first Dockerfile instruction has a typo in 'apt-install' instead of 'apt-get install'. Also, the 'USER ROOT' instruction is a security risk, it's better to run the container as a non-root user.
upvoted 0 times
Candra
10 months ago
User 2
upvoted 0 times
...
Roxane
11 months ago
User 1
upvoted 0 times
...
...
Lisha
11 months ago
I agree, it required careful analysis and editing to fix the security issues.
upvoted 0 times
...
Nathalie
11 months ago
I found the Dockerfile and deployment manifest file question tricky.
upvoted 0 times
...
Carmela
12 months ago
I believe modifying the deployment manifest file is also crucial for security. We need to fix those fields.
upvoted 0 times
...
Edda
12 months ago
I agree, we should analyze and edit the Dockerfile to ensure best security practices.
upvoted 0 times
...
Augustine
12 months ago
I think the Dockerfile needs to be edited to fix security issues.
upvoted 0 times
...

Save Cancel