Get ready for the ITGSS DevOps Engineer Exam with flashcards and multiple-choice questions. Each question includes hints and explanations. Prepare effectively and succeed on your exam!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!


What is the recommended practice for handling sensitive data in containers?

  1. Passing them as environment variables

  2. Storing them in plain text

  3. Mounting them into read-only volumes

  4. Using them directly in code

The correct answer is: Mounting them into read-only volumes

The recommended practice for handling sensitive data in containers is to mount it into read-only volumes. This approach enhances security by allowing sensitive information, such as configuration files or secrets, to be stored outside of the container image. By mounting sensitive data as a read-only volume, you ensure that the application running in the container has access to the data it needs without the risk of modifying it during runtime.

Using read-only volumes also helps to minimize the attack surface, as it reduces the chances of exposing sensitive information through environment variables or other means that could be exploited. Additionally, this practice allows for better management of secrets, as they can be updated or rotated independently of the container's underlying image, promoting a more secure and flexible deployment process.

In contrast, passing sensitive data as environment variables may expose that data unnecessarily in logs, process listings, or other outputs. Storing sensitive data in plain text, or using it directly in code, poses significant security risks by embedding secrets within the application, increasing the likelihood of accidental exposure.