Question 39
Domain 6: Monitoring, Logging and Runtime Security
Why do security teams like immutable-container patterns during incident response?
Correct answer: A
Explanation
Under immutable-container patterns, the container's runtime state is supposed to stay fixed, so any drift stands out quickly during incident response. That helps security teams spot unexpected changes, because a container that should not change is easier to compare against its known baseline.
Why each option is right or wrong
A. Unexpected changes are easier to spot when the runtime state is supposed to stay fixed
Under immutable-container practice, the deployed image is treated as read-only and any modification to the running filesystem or process state is outside the expected baseline. During incident response, that makes drift immediately visible because the investigator can compare the live container against the known-good image and flag any unauthorized change, rather than trying to distinguish normal updates from tampering.
B. Immutable containers never need logs
Logs are still essential for auditing, troubleshooting, and reconstructing events in immutable environments.
C. They remove the need for rollouts
Immutable patterns change how updates happen; they still require rollouts by replacing old containers.
D. They make cluster upgrades unnecessary
Cluster upgrades concern the orchestration platform and nodes, not whether application containers are immutable.