🔥 3-day streak
CompTIA SecurityX (CAS-005)52 / 120
Question 52 of 120
A DevSecOps engineer is hardening a production Kubernetes cluster after an audit found that several application pods run with privileged security contexts, mount the host filesystem, and use the default service account with cluster-wide RBAC bindings. The applications are standard stateless web APIs that do not require host-level access. The engineer must reduce the container breakout and lateral movement risk with the least disruption to legitimate workloads. Which combination of controls MOST directly addresses the identified weaknesses?
Reviewed for accuracy · Report an issueNext question