Bird
0
0

Which Docker run flag allows you to explicitly disable a capability for a container?

easy📝 Conceptual Q2 of 15
Docker - Security
Which Docker run flag allows you to explicitly disable a capability for a container?
A--privileged
B--cap-add
C--cap-drop
D--security-opt
Step-by-Step Solution
Solution:

  1. Step 1: Understand capability flags

    The --cap-add flag adds capabilities, while --cap-drop removes them.

  2. Step 2: Identify the flag to disable capabilities

    To disable or remove a capability, --cap-drop is used.

  3. Final Answer:

    --cap-drop -> Option C

  4. Quick Check:

    Flag to remove capabilities is --cap-drop [OK]
Quick Trick: Use --cap-drop to remove capabilities from containers [OK]
Common Mistakes:
  • Confusing --cap-add with --cap-drop
  • Using --privileged to remove capabilities
  • Thinking --security-opt disables capabilities

Want More Practice?

15+ quiz questions · All difficulty levels · Free

Free Signup - Practice All Questions
More Docker Quizzes
Docker Security - Read-only filesystem containers - Quiz 11easy Docker Swarm - Why orchestration matters - Quiz 2easy Docker Swarm - Swarm mode initialization - Quiz 9hard Image Optimization - Reducing image size strategies - Quiz 9hard Logging and Monitoring - Why monitoring containers matters - Quiz 15hard Logging and Monitoring - Container metrics collection - Quiz 12easy Production Patterns - Sidecar container pattern - Quiz 5medium Production Patterns - Backup and restore strategies - Quiz 8hard Production Patterns - Container orchestration in production - Quiz 3easy Resource Management - CPU limits and reservations - Quiz 10hard