Module 3 · Cloud & Infrastructure
📖 6 min read

Containerization with Docker - Quiz#

No.

Training Unit

Lecture

Training content

Question

Level

Mark

Answer

Answer Option A

Answer Option B

Answer Option C

Answer Option D

Explanation

1

Unit 1: Containerization with Docker

Lec1

Containers vs VMs

What is a key difference between containers and virtual machines?

Easy

1

A

Containers share the host OS kernel

Containers include a complete guest OS

Containers use hardware virtualization

Containers require a hypervisor

Containers share the host OS kernel, making them lightweight and fast to start, while VMs run complete operating systems on virtualized hardware.

2

Unit 1: Containerization with Docker

Lec1

Container Startup

Compared to virtual machines, containers typically start in:

Easy

1

B

Minutes

Seconds or less

Hours

The same time as VMs

Containers start in seconds or less due to their lightweight nature, while VMs take minutes because they boot a complete OS.

3

Unit 1: Containerization with Docker

Lec1

Docker Concepts

What is a Docker image?

Easy

1

C

A running process in Docker

A container management tool

A read-only template for creating containers

A Docker configuration file

A Docker image is a read-only template containing instructions for creating a Docker container - think of it as a snapshot or blueprint.

4

Unit 1: Containerization with Docker

Lec1

Docker Concepts

What creates a new layer in a Docker image?

Easy

1

D

ENV instruction only

EXPOSE instruction only

WORKDIR instruction only

RUN, COPY, and ADD instructions

Each RUN, COPY, and ADD instruction in a Dockerfile creates a new layer. Layers are cached and reused to speed up builds.

5

Unit 1: Containerization with Docker

Lec1

Docker Commands

Which command is used to list all containers including stopped ones?

Easy

1

B

docker ps

docker ps -a

docker list –all

docker containers

The docker ps -a command lists all containers including stopped ones, while docker ps only shows running containers.

6

Unit 1: Containerization with Docker

Lec1

Port Mapping

In the command docker run -p 8080:80 nginx, what does 8080 represent?

Medium

2

A

The host port

The container port

The nginx version

The protocol number

In port mapping syntax -p HOST:CONTAINER, 8080 is the host port and 80 is the container port. Traffic on host port 8080 is forwarded to container port 80.

7

Unit 1: Containerization with Docker

Lec1

Volumes

What is the purpose of Docker volumes?

Easy

1

C

To increase container memory

To speed up container startup

To persist data beyond container lifecycle

To share CPU resources

Volumes persist data beyond container lifecycle. Without volumes, data inside containers is lost when the container is removed.

8

Unit 1: Containerization with Docker

Lec1

Dockerfile Best Practices

Why should dependency files be copied before application code in a Dockerfile?

Medium

2

B

To reduce image size

To maximize layer caching

To improve security

To speed up container startup

Docker caches layers and reuses them if unchanged. Copying dependency files first means dependencies only rebuild when they change, not on every code change.

9

Unit 1: Containerization with Docker

Lec1

Layer Optimization

What is the best practice for running multiple apt-get commands in a Dockerfile?

Medium

2

A

Combine them in a single RUN instruction

Use separate RUN instructions for each

Use a shell script

Run them in the CMD instruction

Combining commands in a single RUN instruction minimizes layers. Multiple RUN commands create unnecessary layers and increase image size.

10

Unit 1: Containerization with Docker

Lec1

Base Images

Which Python base image variant is recommended for production?

Medium

2

B

python:3.13

python:3.13-slim

python:3.13-alpine

python:3.13-full

The -slim variants are recommended for production as they have a good balance of size (~150MB) and compatibility. Alpine can have pip compile issues.

11

Unit 1: Containerization with Docker

Lec1

Base Images

Why should you avoid using the latest tag for base images in production?

Medium

2

C

It uses more disk space

It’s slower to download

It can change unexpectedly and break builds

It’s not supported by Docker Hub

Using latest tags can lead to non-deterministic builds. When the upstream image updates, your builds may break unexpectedly.

12

Unit 1: Containerization with Docker

Lec1

Multi-stage Builds

What is the primary benefit of multi-stage Docker builds?

Medium

2

A

Smaller final images

Faster build times

More secure builds

Better caching

Multi-stage builds allow you to use build tools in one stage and copy only runtime artifacts to the final stage, resulting in much smaller production images.

13

Unit 1: Containerization with Docker

Lec1

Multi-stage Builds

In a multi-stage build, how do you copy files from a previous stage named “builder”?

Medium

2

D

COPY builder:/path /dest

COPY –stage=builder /path /dest

COPY [builder] /path /dest

COPY –from=builder /path /dest

The syntax COPY --from=builder /source /dest copies files from a named stage to the current stage.

14

Unit 1: Containerization with Docker

Lec1

Security

Why should containers run as non-root users?

Medium

2

B

To improve performance

To limit damage if an attacker exploits a vulnerability

To reduce image size

To enable volume mounting

Running as root is a security risk. If an attacker exploits a vulnerability, they gain root access to the container and potentially the host.

15

Unit 1: Containerization with Docker

Lec1

Security

Where should secrets like database passwords be stored in Docker?

Easy

1

D

In the Dockerfile ENV instruction

In the Docker image

In the source code

Injected at runtime via environment variables or Docker secrets

Secrets should never be stored in Dockerfiles or images. They should be injected at runtime using environment variables or Docker/Kubernetes secrets.

16

Unit 1: Containerization with Docker

Lec1

.dockerignore

What is the purpose of a .dockerignore file?

Easy

1

A

Exclude files from the build context

Ignore Docker commands

Skip certain Dockerfile instructions

Disable Docker caching

A .dockerignore file excludes unnecessary files from the build context, reducing build time and preventing sensitive files from being included in images.

17

Unit 1: Containerization with Docker

Lec1

Docker Commands

Which command shows real-time resource usage of running containers?

Easy

1

C

docker top

docker inspect

docker stats

docker logs

The docker stats command shows real-time resource usage (CPU, memory, network I/O) of running containers.

18

Unit 1: Containerization with Docker

Lec1

Healthchecks

What does a HEALTHCHECK instruction do in a Dockerfile?

Medium

2

B

Checks host system health

Defines a command to test if the container is working correctly

Validates the Dockerfile syntax

Monitors disk space

HEALTHCHECK defines a command that Docker runs periodically to check if the container application is healthy and functioning correctly.

19

Unit 1: Containerization with Docker

Lec1

Security

What does the --cap-drop=ALL flag do when running a container?

Hard

3

A

Removes all Linux capabilities from the container

Disables all networking

Prevents all file operations

Stops all processes

The --cap-drop=ALL flag removes all Linux capabilities, following the principle of least privilege. You can then add back only required capabilities.

20

Unit 1: Containerization with Docker

Lec1

Container Isolation

What technology does Docker use for process-level isolation on Linux?

Hard

3

D

Hypervisor

Virtual machines

Hardware virtualization

Linux namespaces and cgroups

Docker uses Linux namespaces for isolation (process, network, mount) and cgroups for resource limiting (CPU, memory).