Security benchmarks (CIS Docker) - Practice Problems & Coding Challenges

Challenge - 5 Problems
💻 Command Output
intermediate
Check Docker daemon configuration for CIS compliance
You run the command docker info --format '{{json .SecurityOptions}}' on a Docker host. What is the expected output if the host is compliant with CIS benchmark regarding security options?
Docker
docker info --format '{{json .SecurityOptions}}'
A. ["name=seccomp", "name=selinux", "name=apparmor"]
B. ["name=seccomp", "name=apparmor"]
C. ["name=selinux"]
D. null
💡 Hint
CIS recommends enabling multiple security options including seccomp, apparmor, and selinux where applicable.
🧠 Conceptual
intermediate
Understanding CIS Docker benchmark for container user privileges
According to CIS Docker benchmarks, which practice is recommended to reduce risk related to container user privileges?
A. Allow containers to run with any user ID
B. Run containers as root user to avoid permission issues
C. Run containers with a non-root user inside the container
D. Disable user namespaces for better compatibility
💡 Hint
Running containers as root inside the container increases security risks.
Troubleshoot
advanced
Troubleshoot Docker daemon logging configuration for CIS compliance
You configured Docker daemon with --log-driver=json-file and --log-opt max-size=10m. After restarting Docker, logs are not rotating as expected. What is the most likely cause?
A. The max-size option must be set in bytes, not megabytes
B. The json-file log driver does not support log rotation
C. Docker daemon must be restarted twice for logging options to apply
D. Docker daemon requires --log-opt max-file to specify number of rotated files
💡 Hint
Log rotation requires both size limit and number of files to keep.
🔀 Workflow
advanced
Implementing CIS Docker benchmark for image vulnerability scanning
Which sequence of steps correctly implements a workflow to scan Docker images for vulnerabilities as recommended by CIS Docker benchmarks?
A. 2,1,3,4
B. 1,2,3,4
C. 1,3,2,4
D. 3,1,2,4
💡 Hint
Start with pulling the image, then scan, fix, and finally push.
Best Practice
expert
Identify the best CIS Docker benchmark practice for container network security
Which of the following is the best CIS Docker benchmark practice to secure container networking?
A. Create and use user-defined bridge networks with restricted access
B. Disable Docker's user-defined networks to reduce complexity
C. Use the default bridge network for all containers to simplify management
D. Allow containers to communicate freely on the host network
💡 Hint
User-defined networks allow better control over container communication.