
Security benchmarks (CIS Docker) - Cheat Sheet & Quick Revision

Recall & Review
beginner
What is the purpose of the CIS Docker Benchmark?
The CIS Docker Benchmark provides a set of best practices and security guidelines to help secure Docker containers and the Docker host environment.
intermediate
Name one key recommendation from the CIS Docker Benchmark related to Docker daemon configuration.
One key recommendation is to enable Docker Content Trust to ensure image authenticity and integrity during pull and push operations.
beginner
Why should you avoid running containers as the root user, according to the CIS Docker Benchmark?
Running containers as root increases the risk of privilege escalation and potential host compromise. The benchmark recommends using non-root users inside containers.
intermediate
What is the recommended action regarding Docker socket exposure in the CIS Docker Benchmark?
The benchmark advises not to expose the Docker socket (/var/run/docker.sock) to containers as it grants full control over the Docker daemon and host.
intermediate
How does the CIS Docker Benchmark suggest managing container resource limits?
It recommends setting resource limits like CPU and memory to prevent containers from exhausting host resources and affecting other containers.
What does the CIS Docker Benchmark primarily focus on?
A. Increasing Docker build speed
B. Optimizing Docker network performance
C. Adding new Docker features
D. Improving Docker container security
According to the CIS Docker Benchmark, which user should containers avoid running as?
A. root
B. nobody
C. docker
D. admin
Why should the Docker socket not be exposed to containers?
A. It slows down container startup
B. It grants full control over the Docker daemon and host
C. It causes network conflicts
D. It increases image size
What is Docker Content Trust used for, according to the CIS Docker Benchmark?
A. Verifying image authenticity and integrity
B. Monitoring container performance
C. Managing container logs
D. Encrypting container data
What resource limits does the CIS Docker Benchmark recommend setting for containers?
A. Network bandwidth only
B. Disk space only
C. CPU and memory
D. No limits are recommended
Explain the importance of running Docker containers as non-root users according to the CIS Docker Benchmark.
Think about how root access inside containers can affect the host system.
Describe why exposing the Docker socket to containers is discouraged in the CIS Docker Benchmark.
Consider what control the Docker socket gives to a container.