Recall & Review
beginner
What is a container in the context of cybersecurity?
A container is a lightweight, standalone package that includes an application and all its dependencies, allowing it to run consistently across different computing environments.
beginner
Why is container security important?
Container security is important because containers share the host system's kernel, so vulnerabilities can affect the entire system if not properly secured.
intermediate
Name one common security risk associated with containers.
One common risk is running containers with excessive privileges, which can allow attackers to escape the container and access the host system.
intermediate
What is the role of container image scanning?
Container image scanning checks for known vulnerabilities and misconfigurations in container images before deployment to prevent security issues.
intermediate
How does using minimal base images improve container security?
Minimal base images reduce the attack surface by including only essential components, lowering the chance of vulnerabilities.
What does a container share with the host system?
A. The entire file system
B. The operating system kernel
C. The user interface
D. The hardware drivers
Containers share the host system's operating system kernel but have isolated user spaces.
Which practice helps reduce container security risks?
A. Using minimal base images
B. Running containers as root user
C. Disabling image scanning
D. Sharing containers between users
Using minimal base images reduces the attack surface and improves security.
What is container image scanning used for?
A. To speed up container startup
B. To increase container size
C. To check for vulnerabilities
D. To share images publicly
Image scanning detects vulnerabilities and misconfigurations before deployment.
What can happen if a container runs with excessive privileges?
A. It runs faster
B. It becomes invisible to attackers
C. It uses less memory
D. It can escape and affect the host system
Excessive privileges can allow attackers to break out of the container and access the host.
Which of these is NOT a container security best practice?
A. Ignoring vulnerability reports
B. Regularly updating container images
C. Running containers with least privilege
D. Using trusted image sources
Ignoring vulnerability reports increases security risks and is not recommended.
Explain why container security is critical and list two common risks.
Think about how containers share resources and what can go wrong.
Describe three best practices to improve container security.
Focus on reducing risks and preventing attacks.
Practice
1. What is the main reason containers need special security measures?
easy
A. Containers automatically encrypt all data without configuration
B. Containers are always offline and isolated from networks
C. Containers do not run any applications
D. Containers share the host OS, so vulnerabilities can affect the whole system
Solution
Step 1: Understand container architecture
Containers share the host operating system kernel, unlike virtual machines which have separate OS instances.
Step 2: Identify security risk from shared OS
Because containers share the OS, a vulnerability in one container can potentially affect others or the host.
Final Answer:
Containers share the host OS, so vulnerabilities can affect the whole system -> Option D
Quick Check:
Shared OS = Need special security [OK]
Hint: Remember: shared OS means shared risk [OK]
Common Mistakes:
Thinking containers are fully isolated like virtual machines
Assuming containers do not run apps
Believing containers encrypt data by default
2. Which of the following is the correct command to scan a Docker container image for vulnerabilities?
easy
A. docker push <image_name>
B. docker scan <image_name>
C. docker run <image_name>
D. docker build <image_name>
Solution
Step 1: Identify scanning command
The docker scan command is used to check container images for known security issues.
Step 2: Differentiate from other commands
docker build creates images, docker run starts containers, and docker push uploads images to a registry.
Final Answer:
docker scan <image_name> -> Option B
Quick Check:
Scan command = docker scan [OK]
Hint: Scan images with 'docker scan' command [OK]
Common Mistakes:
Confusing build or run commands with scanning
Using push command to scan images
Not specifying image name with scan
3. Consider this Dockerfile snippet:
FROM alpine:latest
RUN apk add --no-cache curl
CMD ["curl", "http://example.com"]
What is the main security risk in this container setup?
medium
A. The CMD command is incorrect syntax
B. Alpine Linux is not supported for containers
C. Using the latest tag can introduce untested vulnerabilities
D. The container does not expose any ports
Solution
Step 1: Analyze the use of 'latest' tag
Using 'latest' means the image can change over time, possibly introducing new vulnerabilities without notice.
Step 2: Check other options for correctness
CMD syntax is correct, Alpine is a common lightweight base image, and not exposing ports is not a risk itself.
Final Answer:
Using the latest tag can introduce untested vulnerabilities -> Option C
Quick Check:
Latest tag = potential risk [OK]
Hint: Avoid 'latest' tag for stable security [OK]
Common Mistakes:
Thinking CMD syntax is wrong
Believing Alpine is insecure by default
Assuming no exposed ports means no risk
4. You have a container running with root privileges. Which change improves security the most?
medium
A. Run the container as a non-root user
B. Increase the container's CPU limits
C. Add more environment variables
D. Use the host network mode
Solution
Step 1: Understand privilege risks
Running containers as root can allow attackers to gain full control if compromised.
Step 2: Identify best security practice
Running as a non-root user limits permissions and reduces damage from attacks.
Final Answer:
Run the container as a non-root user -> Option A
Quick Check:
Non-root user = better security [OK]
Hint: Never run containers as root user [OK]
Common Mistakes:
Thinking CPU limits improve security
Assuming that adding environment variables improves security
Overlooking that host network mode increases risk
5. You want to securely store API keys inside a container without exposing them in the image or logs. Which approach is best?
hard
A. Use Docker secrets or environment variables managed outside the image
B. Hardcode the keys in the Dockerfile
C. Print keys in container logs for easy access
D. Store keys in a public GitHub repository
Solution
Step 1: Identify secure secret management
Docker secrets or environment variables injected at runtime keep keys out of images and logs.
Step 2: Evaluate insecure options
Hardcoding keys, logging them, or storing them publicly exposes secrets to attackers.
Final Answer:
Use Docker secrets or environment variables managed outside the image -> Option A