Practice - 5 Tasks
Answer the questions below
1fill in blank
easyComplete the command to scan Docker images using the CIS benchmark tool.
Docker
docker run --rm -v /var/run/docker.sock:/var/run/docker.sock [1] Drag options to blanks, or click blank then click option'
Attempts:
3 left
💡 Hint
Common Mistakes
Using unrelated images like 'ubuntu' or 'nginx' which do not perform CIS scans.
✗ Incorrect
The official CIS Docker Benchmark image is 'cisecurity/cis-docker-benchmark' which scans Docker images for security compliance.
2fill in blank
mediumComplete the command to run the CIS Docker Benchmark with verbose output.
Docker
docker run --rm -v /var/run/docker.sock:/var/run/docker.sock cisecurity/cis-docker-benchmark [1] Drag options to blanks, or click blank then click option'
Attempts:
3 left
💡 Hint
Common Mistakes
Using '--quiet' or '--silent' which reduce output instead of increasing it.
✗ Incorrect
The '--verbose' flag enables detailed output during the CIS Docker Benchmark scan.
3fill in blank
hardFix the error in this Docker CIS benchmark command to correctly mount the Docker socket.
Docker
docker run --rm -v [1]:/var/run/docker.sock cisecurity/cis-docker-benchmark Drag options to blanks, or click blank then click option'
Attempts:
3 left
💡 Hint
Common Mistakes
Using incorrect paths like '/docker.sock' or '/var/lib/docker.sock' which do not exist.
✗ Incorrect
The Docker socket is located at '/var/run/docker.sock' on the host and must be mounted to the same path inside the container.
4fill in blank
hardFill both blanks to create a Docker command that runs the CIS benchmark and saves the report to a local directory.
Docker
docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v [1]:/report cisecurity/cis-docker-benchmark [2]
Drag options to blanks, or click blank then click option'
Attempts:
3 left
💡 Hint
Common Mistakes
Using incorrect flags like '--save' which is not supported.
Mounting wrong directories that do not exist.
✗ Incorrect
Mount the local directory '/home/user/cis_reports' to '/report' in the container and use the '--output' flag to save the report.
5fill in blank
hardFill all three blanks to create a command that runs the CIS Docker Benchmark, outputs in JSON format, and saves the report to a mounted directory.
Docker
docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v [1]:/report cisecurity/cis-docker-benchmark [2] [3]
Drag options to blanks, or click blank then click option'
Attempts:
3 left
💡 Hint
Common Mistakes
Mixing up '--output' and '--format' flags.
Using unsupported output formats.
✗ Incorrect
Mount '/var/lib/cis_reports' to '/report', use '--output' to specify saving, and '--format' to set output format like 'json'.