Open Source Project Security Patching Quiz

Questions and Answers

Why are containers meant to be immutable?

To allow SSH access into the machine.

To avoid the need for automated testing.

To rebuild and redeploy the whole image instead of patching live containers. (correct)

To enable patching live containers easily.

What is the advantage of patching images in the container registry instead of patching live containers?

Achieving content addressability.

Directly scanning production clusters for vulnerabilities.

Avoiding the need for canarying.

Rolling out fully patched container images as one unit. (correct)

How does using containers help in avoiding downtime while patching newly discovered vulnerabilities?

By manually patching each instance in a task.

By achieving content addressability.

By rolling out patched images with blue/green deployments. (correct)

By frequently scanning production clusters.

What is the benefit of having containers that provide content addressability?

To identify susceptible versions and apply patches easily.

How do containers help in making the patch rollout process similar to the code rollout process?

By enabling monitoring, canarying, and testing during the rollout.

What approach suggests gradually rolling out changes with instrumentation for canarying?

Staged roll out

Why is it important to keep dependencies up to date?

To make the system less susceptible to new vulnerabilities

Which strategy is suggested to enable easy roll out of changes with minimal friction?

Updating dependencies and rebuilding frequently

Why is a 'slow and steady' approach to rollout recommended?

To avoid widespread downtime or data loss

Which practice involves no change in behavior when a specific feature is turned off?

Staged roll out

What strategy can help reduce the need for ad hoc patching of containers?

Monitor the age of containers and redeploy regularly

What is a recommended practice to avoid redeploying older, unpatched container images in production?

Enforce deploying only recently built containers

How does using a microservices architecture help in managing potential bottlenecks between services?

By splitting workloads into smaller units

What advantage does independently scaling, load balancing, and performing rollouts in each microservice provide?

More flexibility to make infrastructure changes

How do microservices facilitate limited or zero trust networking?

Not inherently trusting a service just because it's in the same network

Why is it recommended to split one large release into many smaller ones?

To make it easier to understand what changed and pinpoint potential issues.

What is the advantage of frequently rebuilding and redeploying your environment?

It allows for emergency rollouts to pick up the latest changes.

How does automated testing contribute to frequent releases?

It reduces the need for manual validation of code changes.

Why is backporting fixes to supported versions important?

To avoid merging with a backlog of changes.

What is the significance of ensuring dependencies are up to date?

It enables the direct application of critical patches.