Here are the top Docker interview questions to prepare for your next role.

1️⃣ What is the key difference between a Docker Image and a Docker Container?
- A) An image is a running application, while a container is its source code.
- B) An image is for development, and a container is for production.
- C) An image is a read-only template, while a container is a runnable instance of an image.
- D) An image is a virtual machine, and a container is a lightweight process.

2️⃣ What is Docker Compose?
- A) A tool for defining and running multi-container Docker applications using a YAML file.
- B) A command used to build Docker images from a Dockerfile.
- C) A built-in Docker networking driver for connecting containers.
- D) A feature for managing Docker container logs and monitoring output.

3️⃣ Which Dockerfile practice most effectively prevents sensitive build-time data, such as API keys, from ending up inside the final production image?
- A) Using build-time ARG and not copying related files into final stages
- B) Running all commands under a non-root user
- C) Including secrets in environment variables during build
- D) Using a larger base image to avoid missing dependencies

4️⃣ A security engineer discovers that an internal service container can load arbitrary kernel modules due to inherited capabilities from its base image. The container is not running in privileged mode. Which Docker configuration change best ensures the container cannot load kernel modules while still allowing it to operate normally?
- A) Disable inter-container networking via "--icc=false"
- B) Remove the "CAP_SYS_MODULE" capability using "--cap-drop"
- C) Run the container with the "no-new-privileges" flag only
- D) Switch the container to an Alpine-based image

5️⃣ Which simple Docker best practice helps limit container access to sensitive areas of the host system?
- A) Use "latest" tags for all images
- B) Use read-only file systems
- C) Install extra debugging tools
- D) Run many processes inside one container