4.2 Containerization

Question 1

What is containerization?

Answer 1

Containerization shares the host OS kernel across multiple containers while isolating each container’s user space.

Common tools include Docker and Kubernetes.

Question 2

What are the main benefits of containerization?

Answer 2

Efficient resource usage, enhanced security through logical isolation, and reduced overhead compared to traditional virtual machines.

Question 3

How do containers differ from virtual machines?

Answer 3

Containers share the host OS kernel, while VMs include a full OS and run on a hypervisor, making VMs more resource-intensive.

Question 4

What are common containerization tools?

Answer 4

Docker, Kubernetes, Parallels Virtuozzo, and OpenVZ.

Question 5

What is the main security risk of containerization?

Answer 5

Compromise of the host OS can expose all containers running on it.

Question 6

How does container isolation enhance security?

Answer 6

Containers are logically isolated and require virtual network connections for inter-container communication.

Question 7

What is the risk of shared physical servers in containerized environments?

Answer 7

Co-hosting with other organizations can introduce vulnerabilities from crashes or insecure neighbors.

Question 8

What is the significance of hypervisor exploits?

Answer 8

A single hypervisor vulnerability can compromise all VMs managed by it.

Question 9

What are key host OS security practices for containerization?

Answer 9

Regularly patching the OS, limiting access to critical systems, and using secure management interfaces.

Question 10

How can container workloads be secured?

Answer 10

Use orchestration tools like Kubernetes for monitoring and segmentation, and isolate sensitive workloads.

Question 11

What is the role of failover and redundancy in virtualization security?

Answer 11

They minimize downtime risks and ensure load balancing across physical servers.

Question 12

Why consider hypervisor diversity in virtualization?

Answer 12

It reduces the impact of a single hypervisor exploit but may increase costs for support and training.

Question 13

What is the trade-off between containerization and traditional virtualization?

Answer 13

Containerization is more resource-efficient but depends heavily on the host OS, while virtualization offers stronger isolation through hypervisors.

Question 14

How does load balancing improve security in virtualized environments?

Answer 14

It prevents server overloads by distributing workloads, reducing the risk of crashes.

Question 15

What should organizations evaluate when choosing between containerization and virtualization?

Answer 15

Efficiency, security, specific business needs, and the complexity of implementation.

Question 16

How do orchestration tools enhance container management?

Answer 16

They automate deployment, monitoring, scaling, and security for containerized workloads.

Question 17

What is Kubernetes?

Answer 17

A container orchestration tool that manages the deployment, scaling, and monitoring of containerized applications.

Question 18

Why is patching the host OS critical in containerized environments?

Answer 18

A compromised host OS can expose all running containers to attacks.

Question 19

What is logical isolation in containers?

Answer 19

A security feature where each container operates independently, with no direct access to other containers or the host OS.

Question 20

What is the primary advantage of containerization over traditional VMs?

Answer 20

It uses fewer resources by sharing the OS kernel and eliminates the need for a full OS in each instance.