MCQs Questions on Advanced Docker Concepts | Docker Multiple Choice Questions
Enhance your expertise with these Docker MCQ questions and answers, covering advanced Docker concepts. Learn about Docker security best practices, resource limiting, managing secrets and configs, custom networks, DNS, and debugging containers. Ideal for Docker professionals and enthusiasts preparing for interviews or aiming to deepen their Docker knowledge.
Security Best Practices for Docker
- Which command is used to scan Docker images for vulnerabilities?
a) docker scan
b) docker inspect
c) docker secure
d) docker protect - What is the best practice for running containers securely?
a) Run containers as root
b) Always update Docker images
c) Limit container privileges
d) Disable SELinux - How can you prevent sensitive data from being stored in Docker images?
a) Use environment variables
b) Add secrets directly in Dockerfile
c) Use encrypted volumes
d) Avoid using ENTRYPOINT - Docker Content Trust (DCT) is used to:
a) Encrypt Docker images
b) Verify the authenticity of images
c) Manage Docker containers securely
d) Automate security audits - What is the purpose of enabling AppArmor in Docker?
a) To encrypt container storage
b) To enforce mandatory access control
c) To optimize resource usage
d) To enable DNS resolution
Resource Limiting (Memory, CPU)
- Which flag is used to limit memory usage for a container?
a) –cpu-shares
b) –memory
c) –mem-limit
d) –limit-memory - To restrict CPU usage for a Docker container, which flag is used?
a) –cpu-percent
b) –cpu-cores
c) –cpu-quota
d) –limit-cpu - Docker Swarm manages resource limits using:
a) Dockerfiles
b) Stack configuration
c) Resource pools
d) YAML files - What happens if a container exceeds its memory limit?
a) It crashes immediately
b) It swaps to disk
c) It is throttled
d) It is terminated - Which Docker command is used to check resource usage of running containers?
a) docker inspect
b) docker stats
c) docker usage
d) docker monitor
Managing Secrets and Configs
- Docker secrets are used for:
a) Storing sensitive data securely
b) Monitoring Docker logs
c) Configuring custom networks
d) Limiting resource usage - Which command is used to create a secret in Docker Swarm?
a) docker swarm secret add
b) docker secret create
c) docker secret add
d) docker swarm create-secret - Secrets in Docker Swarm are:
a) Stored in plain text
b) Encrypted at rest
c) Visible to all containers
d) Configurable only via CLI - Docker configs differ from secrets because:
a) Configs are always encrypted
b) Configs are meant for sensitive data only
c) Configs are used for non-sensitive configuration data
d) Configs cannot be version-controlled - To update a secret in Docker, you must:
a) Modify it directly in the container
b) Remove and recreate the secret
c) Use docker secret update
d) Restart the Docker daemon
Custom Networks and DNS
- Which command creates a custom bridge network in Docker?
a) docker network create bridge
b) docker network create custom
c) docker network create –driver bridge
d) docker network bridge create - What is the default DNS server used by Docker containers?
a) 8.8.8.8
b) Host machine’s DNS
c) Docker’s internal DNS
d) A randomly assigned DNS - To assign a static IP to a container, you need to:
a) Use a custom bridge network
b) Modify the Dockerfile
c) Configure container ports
d) Use the default bridge network - In a Docker overlay network, containers:
a) Can communicate across different hosts
b) Must run on the same host
c) Require external DNS configuration
d) Cannot access other containers - Which flag enables DNS resolution when starting a container?
a) –dns
b) –network-dns
c) –resolve
d) –host-dns
Debugging and Monitoring Docker Containers
- Which command displays the logs of a running Docker container?
a) docker inspect logs
b) docker logs
c) docker events logs
d) docker container logs - Docker’s built-in tool for monitoring container resource usage is:
a) docker monitor
b) docker stats
c) docker usage
d) docker inspect - To debug a running container, which of the following can you use?
a) docker debug-container
b) docker exec
c) docker shell-debug
d) docker attach - Which command helps troubleshoot network issues in Docker?
a) docker network inspect
b) docker diagnose
c) docker net-debug
d) docker trace-network - When a container fails to start, which log file should you check first?
a) Dockerfile.log
b) daemon.log
c) container.log
d) docker-engine.log
Advanced Query Features
- Which of the following is not a monitoring tool for Docker?
a) Prometheus
b) Grafana
c) Docker Compose
d) cAdvisor - The
--entrypointflag is used to:
a) Modify resource limits
b) Specify the command executed by the container
c) Set custom DNS servers
d) Create a new secret - Which command displays detailed information about a container’s configuration?
a) docker config inspect
b) docker container inspect
c) docker details
d) docker stats - Docker monitoring tools like Prometheus use which mechanism to collect data?
a) Logs
b) Metrics scraping
c) SNMP
d) Network traces - To capture a snapshot of a running container’s filesystem, you can use:
a) docker snapshot create
b) docker commit
c) docker save
d) docker export
Answer Key
| QNo | Answer (Option with Text) |
|---|---|
| 1 | a) docker scan |
| 2 | c) Limit container privileges |
| 3 | a) Use environment variables |
| 4 | b) Verify the authenticity of images |
| 5 | b) To enforce mandatory access control |
| 6 | b) –memory |
| 7 | c) –cpu-quota |
| 8 | b) Stack configuration |
| 9 | d) It is terminated |
| 10 | b) docker stats |
| 11 | a) Storing sensitive data securely |
| 12 | b) docker secret create |
| 13 | b) Encrypted at rest |
| 14 | c) Configs are used for non-sensitive configuration data |
| 15 | b) Remove and recreate the secret |
| 16 | c) docker network create –driver bridge |
| 17 | c) Docker’s internal DNS |
| 18 | a) Use a custom bridge network |
| 19 | a) Can communicate across different hosts |
| 20 | a) –dns |
| 21 | b) docker logs |
| 22 | b) docker stats |
| 23 | b) docker exec |
| 24 | a) docker network inspect |
| 25 | b) daemon.log |
| 26 | c) Docker Compose |
| 27 | b) Specify the command executed by the container |
| 28 | b) docker container inspect |
| 29 | b) Metrics scraping |
| 30 | b) docker commit |