A security analyst is researching containerization concepts for an organization. The analyst is concerned about potential resource exhaustion scenarios on the
Docker host due to a single application that is overconsuming available resources.
Which of the following core Linux concepts BEST reflects the ability to limit resource allocation to containers?
B
Reference:
https://www.ibm.com/support/pages/deep-dive-yarn-cgroups-hadoop-dev
I think it's B - CGroups "Namespaces provide isolation of system resources, and cgroups allow for fine‑grained control and enforcement of limits for those resources."
Cgroups, or control groups, is a Linux kernel feature that allows the administrator to allocate resources such as CPU, memory, and I/O bandwidth to processes or groups of processes in a system. Cgroups can be used to limit resource allocation to containers, ensuring that a single application does not overconsume available resources and cause resource exhaustion on the Docker host.
Cgroups, or Control Groups, is a Linux kernel feature that allows for the allocation of resources, such as CPU, memory, and I/O, among a group of processes. Cgroups can be used to limit the amount of resources that a container is allowed to use, preventing a single application from overconsuming available resources on the Docker host.
I'm going with B
B is the correct answer " CGroups "
https://www.nginx.com/blog/what-are-namespaces-cgroups-how-do-they-work/
Quick Googles search. cgroups, short for control groups, allow administrators to limit and distribute resources among different groups of processes. Namespaces, on the other hand, create isolated environments for processes, separating them from the host system and other processes
I think its B as well https://medium.com/@BeNitinAgarwal/understanding-the-docker-internals-7ccb052ce9fe#:~:text=Cgroups,optionally%20enforce%20limits%20and%20constraints.
Selected answer should be C
Cgroups (Control Groups): Cgroups is a Linux kernel feature that allows the system administrator to allocate and limit the resources (CPU, memory, disk I/O, network bandwidth, etc.) that processes or groups of processes can use. It is specifically designed to manage and limit resource usage in a way that ensures that no single application can exhaust the available resources on a Docker host, thus providing a way to control resource allocation to containers.
From ChatGPT, after asking the difference between Cgroups and namespaces: Cgroups are used to set resource limits and manage resource allocation, while namespaces provide process isolation, network isolation, and other forms of isolation
B. Cgroups is the correct answer. Cgroups is a Linux kernel feature that allows the isolation, prioritization, and accounting of resource usage (such as CPU, memory, disk I/O) for a collection of processes, which is crucial for managing resources in containerized environments like Docker.
Source: Verifying each answer against Chat GPT, my experience, other test banks, a written book, and weighing in the discussion from all users to create a 100% accurate guide for myself before I take the exam. (It isn't easy because of the time needed, but it is doing my diligence)
https://www.howtogeek.com/devops/what-are-linux-namespaces-and-what-are-they-used-for/#:~:text=Cgroup%20is%20another,a%20specific%20cgroup. Cgroups is for groups, namespace is f
see my explanation below
according to comptia containerization is the best method, they also show examples of docker in their book and also stated that is better to establish namespaces
LinuxNamespaces are a feature of the Linux kernel that partitions kernel resources such that one set of processes sees one set of resources while another set