You scanned an image and found vulnerabilities in a package that is not used by your application. What is the best practice to handle this?

Hard · Application · Q9 of 15
Docker - Security
A. Disable scanning for that image
B. Create a custom Dockerfile to remove or update the unused package
C. Switch to a different base image without scanning
D. Ignore the vulnerability since the package is unused
Step-by-Step Solution
Solution:
  1. Step 1: Understand vulnerability context

    Even unused packages can pose risks if present in the image.
  2. Step 2: Apply best practice

    Removing or updating unused vulnerable packages via Dockerfile reduces risk.
  3. Final Answer:

    Create a custom Dockerfile to remove or update the unused package -> Option B
  4. Quick Check:

    Remove unused vulnerable packages via Dockerfile = D [OK]
Quick Trick: Remove or update unused vulnerable packages in Dockerfile [OK]
Common Mistakes:
  • Ignoring vulnerabilities even if unused
  • Skipping scans by switching images
  • Disabling scanning instead of fixing
