Containers and Dockers

Question 1

What is a Container?

Answer 1

A standardized, executable software unit that packages application code with all necessary dependencies, allowing consistent execution across different computing environments.

Question 2

What is a Container Engine?

Answer 2

Software responsible for creating, running, managing, and destroying containers.

Example: Docker Engine.

Question 3

What are Container Orchestrators?

Answer 3

Tools that automate deployment, scaling, and management of containerized applications across clusters of hosts.

Examples: Kubernetes, Docker Swarm.

Question 4

What is Container as a Service (CaaS)?

Answer 4

A cloud service model that enables users to deploy, manage, and run containers using a provider’s infrastructure.

Examples: Amazon ECS, Azure Container Instances.

Question 5

What are OS Containers?

Answer 5

Containers that virtualize an entire operating system environment, allowing multiple isolated user-spaces on a single OS kernel.

Example: LXC.

Question 6

What are Application Containers?

Answer 6

Containers designed to encapsulate and run individual applications, along with their specific dependencies and libraries.

Example: Docker Containers.

Question 7

What is Docker?

Answer 7

A platform that packages, distributes, and manages applications using containerization technology.

Question 8

What is Docker Engine?

Answer 8

The runtime software powering Docker, responsible for creating and managing containers.

Question 9

What is Docker Daemon?

Answer 9

A background service running on the Docker host, managing container operations such as creation, running, and removal.

Question 10

What is Docker Engine REST API?

Answer 10

An HTTP-based interface through which Docker clients communicate with Docker Daemon to manage containers remotely.

Question 11

What is Docker CLI (Command Line Interface)?

Answer 11

A command-line tool used by users to interact with Docker Daemon via the Docker REST API.

Question 12

What is the Docker Systems Working Mechanism?

Answer 12

Docker operates through a client-server architecture where the Docker client sends commands via REST API to Docker Daemon on the Docker Host, managing containers, images, and registries.

Question 13

What is Docker Client?

Answer 13

The primary interface used by users to interact with Docker Engine, issue commands, and control containers.

Question 14

What is Docker Host?

Answer 14

A machine (physical or virtual) that runs the Docker Daemon, hosting containers.

Question 15

What are Images (Docker Images)?

Answer 15

Read-only templates used to create Docker containers, containing application code, runtime libraries, and dependencies.

Question 16

What are Docker Registries?

Answer 16

Repositories that store Docker images, allowing users to pull or push images remotely.

Example: Docker Hub.

Question 17

What is a Microservices Application?

Answer 17

A software architecture composed of multiple small, independently deployable services, each running in its own container.

Question 18

What is a Monolithic Application?

Answer 18

A single-tiered software architecture where all components (user interface, server-side logic, and database interactions) are combined into one unified system.

Question 19

What is the Container Networking Model (CNM)?

Answer 19

A Docker-defined specification providing standardized container networking capabilities, enabling containers to communicate efficiently.

Question 20

What is a Sandbox (CNM)?

Answer 20

An isolated networking environment created for each container, defining its network namespace and interfaces.

Question 21

What is an Endpoint (CNM)?

Answer 21

A virtual network interface attached to a container’s sandbox, allowing network connectivity.

Question 22

What are CNM Driver Interfaces?

Answer 22

Standard interfaces through which Docker interacts with networking plugins to manage container networking resources.

Question 23

What are the types container Network Drivers?

Answer 23

Drivers that manage container networking.

• Native: Network drivers integrated within Docker Engine (e.g., bridge, overlay).
• Remote: External third-party network plugins enabling extended networking capabilities.

Question 24

What are IP Address Management (IPAM) Drivers?

Answer 24

Drivers managing allocation and assignment of IP addresses to Docker containers.

Question 25

What is the Host Network Driver?

Answer 25

Networking mode that directly uses the host’s networking stack, eliminating network isolation for containers.

Question 26

What is the Bridge Network Driver?

Answer 26

Default Docker network driver that provides isolated networking by creating a virtual bridge allowing container-to-container communication.

Question 27

What is the Overlay Network Driver?

Answer 27

Docker network driver enabling multi-host networking, allowing containers on different Docker hosts to communicate seamlessly.

Question 28

What is the MACVLAN Network Driver?

Answer 28

Network driver allowing containers to have unique MAC addresses and direct physical network connectivity, similar to virtual network interfaces.

Question 29

What is the None Network Driver?

Answer 29

A Docker networking mode disabling all networking for a container, providing complete isolation from external networks.

Question 30

Serverless Computing

Answer 30

A cloud-computing execution model where the cloud provider dynamically manages the allocation and provisioning of servers.

Question 31

Function as a Service (FaaS)

Answer 31

cloud computing service model that enables developers to deploy **individual functions**, which are then **executed in response to events** without the need to manage the underlying infrastructure

Question 32

Cold Start

Answer 32

The initial delay that occurs when a serverless function is invoked after not being used for a while, due to the need to start up the execution environment.

Question 33

VM Sprawl

Answer 33

A situation where unmanaged, excessive virtual machines are deployed, leading to inefficient use of resources and potential security risks.

Question 34

VM Escape

Answer 34

A security breach where a malicious program inside a virtual machine breaks out and gains access to the host system or other VMs.

Question 35

Cross-Container Attacks

Answer 35

Security threats where an attacker compromises one container and uses it to attack other containers on the same **host or not**.

Question 36

Inter-Container Attacks

Answer 36

Attacks that occur between containers co-located **on the same host**. The attacker exploits **insecure communication channels** between containers.

Question 37

Docker Registry Attacks

Answer 37

Attacks that target Docker registries, which may involve pushing malicious images or pulling compromised images that can then infect systems.

Question 38

SILUMR — Docker Security Best Practices

Answer 38

- **S** – Socket: Avoid exposing the Docker daemon socket - **I** – Image: Use only trusted Docker images - **L** – Limit: Limit container capabilities to only what’s needed - **U** – Update: Regularly patch host OS and Docker - **M** – Modules: Use seccomp, AppArmor, SELinux - **R** – Read-only: Set file systems/volumes as read-only (`--read-only`)

Question 39

CARSSI — Container Security Best Practices

Answer 39

- **C** – CVEs: Monitor and remediate container runtime vulnerabilities - **A** – App-aware: Use tools to monitor network anomalies - **R** – Run as User: Avoid running containers as root - **S** – Secure Root FS: Use read-only mode for host root filesystem - **S** – Scanning Tools: Employ tools to detect malicious software - **I** – Image Scanning: Regularly scan container images for issues