Docker MCQs – Docker Security

11.) Why should you avoid storing secrets in Docker images?

A) It increases image size
B) It slows down container startup
C) Secrets in images can be easily exposed when the image is shared
D) It prevents multi-stage builds

Answer: Option C

Explanation: Storing secrets in Docker images is a security risk because anyone with access to the image can view the secrets.

12.) What does the --cap-drop flag do in Docker?

A) Removes unused images from the host
B) Reduces a container’s capabilities
C) Disables logging for a container
D) Limits CPU usage for a container

Answer: Option B

Explanation: The --cap-drop flag reduces a container’s capabilities, enhancing security by removing unnecessary privileges.

13.) What is the default user in a Docker container if none is specified?

A) Non-root user
B) Host system user
C) Root user
D) Docker service user

Answer: Option C

Explanation: By default, Docker containers run as the root user, which can be a security risk if not explicitly changed.

14.) Which of the following tools can help enforce Docker image security policies?

A) Jenkins
B) Kubernetes
C) Docker Compose
D) Docker Content Trust

Answer: Option D

Explanation: Docker Content Trust (DCT) helps enforce image security policies by verifying and signing images.

15.) What is the function of the Docker --privileged flag?

A) Grants a container root access to the host
B) Disables network communication for the container
C) Encrypts container data
D) Sets resource limits for the container

Answer: Option A

Explanation: The --privileged flag grants a container full root access to the host; it should be used only with caution because it poses security risks.

16.) What is the purpose of using multi-stage builds in Docker security?

A) To reduce image size and exclude unnecessary dependencies
B) To improve container startup time
C) To increase the number of layers in the image
D) To automatically deploy containers

Answer: Option A

Explanation: Multi-stage builds help exclude unnecessary dependencies, reducing the attack surface of the final image.

17.) Which Docker feature isolates containers at the kernel level?

A) Control groups (cgroups)
B) Overlay network
C) Namespaces
D) Docker Compose

Answer: Option C

Explanation: Namespaces isolate containers at the kernel level, ensuring processes inside a container remain isolated from others.

18.) Why should you use minimal base images like alpine?

A) To reduce image build time
B) To minimize the attack surface
C) To ensure compatibility with all applications
D) To avoid multi-stage builds

Answer: Option B

Explanation: Minimal base images like alpine reduce the attack surface by including only essential components.

19.) What is the role of SELinux in Docker security?

A) Manages container networking
B) Encrypts container images
C) Enforces access control policies on containers
D) Scans Dockerfiles for vulnerabilities

Answer: Option C

Explanation: SELinux enforces access control policies on containers, ensuring they can only access resources they are authorized to access.
