{"id":8712,"date":"2020-01-14T08:09:38","date_gmt":"2020-01-14T08:09:38","guid":{"rendered":"https:\/\/www.devopsschool.com\/blog\/?p=8712"},"modified":"2025-02-01T23:03:14","modified_gmt":"2025-02-01T23:03:14","slug":"docker-interview-questions-and-answer-part-7","status":"publish","type":"post","link":"https:\/\/www.devopsschool.com\/blog\/docker-interview-questions-and-answer-part-7\/","title":{"rendered":"Docker Interview Questions and Answer Part \u2013 7"},"content":{"rendered":"\n<p><strong>Docker recommends using the responsible disclosure model for reporting vulnerabilities in the Docker platform. What does this mean?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Simultaneously report the vulnerability to Docke and openly publish details of the vulnerability so that the wider community can take preventative action.<\/li><li><strong>After reporting the vulnerability to Docker, desist from further disclosure for a period of time to enable the project time to remedy the vulnerability. (Ans)<\/strong><\/li><li>Engineer a patch to remedy the vulnerability and describe the vulnerability and its fix in a GitHub pull request.<\/li><\/ul>\n\n\n\n<p><strong>Why does RancherOS launch two Docker daemons on boot?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>To implement redundancy in the event that one of the daemons becomes unavailable<\/li><li><strong>To isolate application containers from the host&#8217;s system services (Ans)<\/strong><\/li><li>To improve system performance by load balancing Engine API requests<\/li><\/ul>\n\n\n\n<p><strong>Given the following users and their group membership, which user will NOT have the means to access the Docker Engine API on its UNIX domain socket?<\/strong><\/p>\n\n\n\n<p><strong>rackham: uid=1000(rackham) gid=1000(rackham) groups=1000(rackham),27(sudo)<\/strong><\/p>\n\n\n\n<p><strong>baxter: uid=1001(baxter) gid=1001(baxter) groups=1001(baxter),999(docker)<\/strong><\/p>\n\n\n\n<p><strong>bolt: uid=1002(bolt) gid=1002(bolt) groups=1002(bolt)<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>baxter<\/li><li><strong>bolt (Ans)<\/strong><\/li><li>rackham<\/li><\/ul>\n\n\n\n<p><strong>Which of the following statements is untrue about Docker?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>By default, Docker doesn&#8217;t create containers in user namespaces because not all Linux distributions enable user namespaces in their kernel. (Ans)<\/strong><\/li><li>Docker creates a sub-directory in its data root so that newly created objects are owned by the UID\/GID at the top of the dock-remap user&#8217;s subordinate ranges.<\/li><li>User namespaces allow a container&#8217;s process to be privileged in its own user namespace, whilst remaining non-privileged in the host&#8217;s user namespace.<\/li><\/ul>\n\n\n\n<p><strong>A Docker admin needs a container to be able to write to a file owned by the root user located in the \/etc directory. The Docker daemon is running with user namespace remapping enabled and the file is to be made available to the container as a bind mount. What is the best means of circumventing any permissions problems?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Change the group ownership of the file to that of the remapped group ID that is used by the Docker daemon when creating containers.<\/li><li>Temporarily reconfigure the Docker daemon to disable user namespace remapping for the lifetime of the container.<\/li><li><strong>Use the &#8211;userns config option with the argument host to disable the use of user namespaces for the container. (Ans)<\/strong><\/li><\/ul>\n\n\n\n<p><strong>What is the process of granting a client access to objects based on their identity?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Approval<\/li><li><strong>Authorization (Ans)<\/strong><\/li><li>Authentication<\/li><\/ul>\n\n\n\n<p><strong>The Open Policy Agent (OPA) is a general purpose policy engine. Which of the following attributes is essential for it to function as a Docker authorization plugin?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Its ability to act as an independent decision making service for clients (Ans)<\/strong><\/li><li>The availability of variables in Rego for defining policy rules<\/li><li>The means for adding contextual data for use in rule evaluation<\/li><\/ul>\n\n\n\n<p><strong>An environment variable can be used to define or override a registry setting. Which of the following variables defines or overrides the path to the certificate bundle used to sign tokens?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>AUTH_TOKEN_CERTBUNDLE<\/li><li>AUTH_TOKEN_ROOTCERTBUNDLE<\/li><li><strong>REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE (Ans)<\/strong><\/li><li>REGISTRY_TLS_CERTIFICATE<\/li><\/ul>\n\n\n\n<p><strong>Which of the following registry operations are not provided to a client of the Docker Engine API?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Pull an image from a registry repo<\/li><li><strong>Remove an image from a registry repo (Ans)<\/strong><\/li><li>Push an image to a registry repo<\/li><\/ul>\n\n\n\n<p><strong>Which of the following is NOT a valid argument to the &#8211;secret config option for associating a secret with a swarm service?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>source=db_pw,target=password,mode=0400<\/li><li>db_pw<\/li><li><strong>source=$(pwd)\/db_pw,target=password  (Ans)<\/strong><\/li><\/ul>\n\n\n<div class=\"epyt-gallery\" data-currpage=\"1\" id=\"epyt_gallery_50768\"><iframe loading=\"lazy\"  id=\"_ytid_89608\"  width=\"760\" height=\"427\"  data-origwidth=\"760\" data-origheight=\"427\" src=\"https:\/\/www.youtube.com\/embed\/?enablejsapi=1&#038;autoplay=0&#038;cc_load_policy=0&#038;cc_lang_pref=&#038;iv_load_policy=1&#038;loop=0&#038;rel=1&#038;fs=1&#038;playsinline=0&#038;autohide=2&#038;theme=dark&#038;color=red&#038;controls=1&#038;disablekb=0&#038;\" class=\"__youtube_prefs__  no-lazyload\" title=\"YouTube player\"  data-epytgalleryid=\"epyt_gallery_50768\"  allow=\"fullscreen; accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen data-no-lazy=\"1\" data-skipgform_ajax_framebjll=\"\"><\/iframe><div class=\"epyt-gallery-list\"><div>Sorry, there was a YouTube error.<\/div><\/div><\/div>","protected":false},"excerpt":{"rendered":"<p>Docker recommends using the responsible disclosure model for reporting vulnerabilities in the Docker platform. What does this mean? Simultaneously report the vulnerability to Docke and openly publish details of the&#8230; <\/p>\n","protected":false},"author":1,"featured_media":8723,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_joinchat":[],"footnotes":""},"categories":[4862],"tags":[],"class_list":["post-8712","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-docker"],"_links":{"self":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/8712","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/comments?post=8712"}],"version-history":[{"count":2,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/8712\/revisions"}],"predecessor-version":[{"id":25138,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/8712\/revisions\/25138"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/media\/8723"}],"wp:attachment":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/media?parent=8712"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/categories?post=8712"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/tags?post=8712"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}