M-DCA
Security
hard
Question 3 of 30

A security team wants a containerized helper process to run with the fewest privileges needed. Which capability strategy best matches Docker security guidance?

AGrant --privileged and rely on the application to behave safely
BKeep Docker's full default capability set and add more if possible
CDrop all capabilities and add back only those explicitly required
DUse host networking so Linux capabilities no longer matter

More Security Questions

30 questions

Full Docker Certified Associate Practice Test

All topics covered

All Docker Certified Associate Questions

Browse by topic

Related Questions

Which workload type can consume Docker secrets directly according to the official swarm secrets mode...

easy

On a Linux swarm node, where is a secret mounted inside a service task by default?...

medium

A service is actively using a secret. What happens if an administrator tries to remove that secret i...

medium

Which security feature maps container root to an unprivileged host UID range so that container root ...

medium

A team considers exposing the Docker daemon over unauthenticated plain HTTP on a TCP port for conven...

medium
View all Security questions

Educational Content — CertQnA practice questions are written against official exam objectives, covering the same domains tested on the real exam. All content is original and independent — not actual exam questions, not affiliated with any certification vendor. Learn more about our content policy

Discussion

Be the first to share your understanding of this concept

⚠️ Discussion is for concept clarification only. Do not share or request actual exam questions or answers.

Sign in to join the discussion

Sign InCreate free account