Docker MCQs – Docker Security

Security is one of the most critical aspects of using Docker, especially in production environments. Docker Security ensures that containers are isolated, vulnerabilities are minimized, and sensitive information is protected.

The following MCQs will give you the confidence to answer security-related questions effectively and implement best practices in real-world scenarios.

1.) What is the primary reason for setting resource limits in Docker containers?

A) To improve the container’s performance
B) To restrict unauthorized network access
C) To prevent containers from exhausting host resources
D) To enable container orchestration

Answer: Option C

Explanation: Setting resource limits ensures containers cannot monopolize system resources, which helps prevent Denial of Service (DoS) attacks on the host system.

2.) Which of the following is a best practice to secure Docker containers?

A) Run containers as the root user
B) Use official and verified images
C) Store sensitive data in Dockerfiles
D) Allow unrestricted network access to containers

Answer: Option B

Explanation: Using official and verified images reduces the risk of vulnerabilities and ensures you are working with trusted container images.

3.) What does Docker Content Trust (DCT) provide?

A) Image signing and verification
B) Encryption for container logs
C) A logging framework for containers
D) Resource monitoring tools

Answer: Option A

Explanation: Docker Content Trust (DCT) ensures the authenticity of container images by providing signing and verification features.

4.) Which command is used to enable Docker Content Trust?

A) export DOCKER_ENABLE_TRUST=1
B) export DOCKER_CONTENT_TRUST=1
C) docker trust enable
D) docker trust sign

Answer: Option B

Explanation: The DOCKER_CONTENT_TRUST=1 environment variable enables Docker Content Trust for secure image handling.

5.) What is the purpose of AppArmor in Docker?

A) To provide network isolation
B) To restrict container resource usage
C) To enforce security profiles for containers
D) To manage container logs

Answer: Option C

Explanation: AppArmor is a Linux security module that enforces security profiles for Docker containers, restricting their access to system resources.

6.) What is the purpose of Docker Bench for Security?

A) To monitor container resource usage
B) To automate container deployments
C) To encrypt container data
D) To evaluate Docker installations against security best practices

Answer: Option D

Explanation: Docker Bench for Security is a script that checks a Docker installation against security best practices, providing a detailed report.

7.) Which of the following is NOT a recommended security practice for Docker?

A) Limit container privileges using --cap-drop
B) Use a minimal base image
C) Store secrets in environment variables
D) Regularly update Docker images

Answer: Option C

Explanation: Storing secrets in environment variables is not secure as they can be exposed; tools like Docker Secrets should be used instead.

8.) What is a dangling image in Docker?

A) An image with no associated tag
B) An image stored in a remote registry
C) An image with vulnerabilities
D) An image with large size

Answer: Option A

Explanation: A dangling image is one without an associated tag and may occupy unnecessary space.

9.) How can Docker images be scanned for vulnerabilities?

A) Using docker image prune
B) Using tools like Trivy or Docker Scan
C) By running the container and checking logs
D) By manually inspecting the Dockerfile

Answer: Option B

Explanation: Tools like Trivy and Docker Scan can analyze Docker images for known vulnerabilities, helping maintain secure images.

10.) What is the function of the --no-new-privileges flag?

A) Prevents a container from gaining additional privileges
B) Disables network access for the container
C) Restricts the container’s memory usage
D) Prevents the container from being restarted

Answer: Option A

Explanation: The --no-new-privileges flag prevents containers from gaining additional privileges, even if the binary has the setuid bit set.
