ITGSS Certified DevOps Engineer Practice Test

An alert during container runtime security checks should be triggered when a process is run inside a container because this action can indicate potential security risks, such as unauthorized changes or execution of malicious code. Each process run inside a container has the potential to affect not just the container itself, but also the overall security posture of the host and other containers running in the same environment. Monitoring for processes helps ensure that only approved actions are executed, allowing teams to detect suspicious behavior rapidly.

In contrast, the other events mentioned may not require immediate alerts. Restarting a service or copying a file may be routine maintenance actions or part of normal operations that don't inherently signal a security threat. Similarly, pushing a new image typically involves a controlled process, already reviewed and verified, and while it is important to monitor, it does not have the same immediate implication for runtime security as the execution of a process within a running container does.