Security Flashcards

1
Q

What feature in DTR allows for images to be scanned for possible security flaws?

A

Vulnerability scanning

2
Q

How can DTR be used to notify third-party tools like Jenkins/GitHub?

A

webhooks

3
Q

What are UCP Client Bundles?

A

A set of downloadable certificates that allow you to execute docker commands on the remote cluster

4
Q

How to set up the UCP Client Bundles?

A
  1. Download the client bundle from UCP
  2. Extract it locally
  3. Load the environment variables by eval-ing the env.sh file from the bundle

5
Q

What do namespaces do in Linux and Docker?

A

Namespaces provide separation of host resources, such as PID, mnt, net, IPC, user and UTS

6
Q

What do cgroups do in Linux and Docker?

A

Limit the resources (RAM, CPU, network, etc.) that processes/containers can use

7
Q

What are two possible ways to limit cpu usage for a container?

A
  • --cpus=1 (restricts the container to only one CPU)
  • --cpuset-cpus=1,3 (restricts the container to only the 2nd and 4th CPUs)

8
Q

What is reservation vs. limit for a Docker container?

A
  • -m, --memory: Limit is a hard limit
  • --memory-reservation: Reservation is a soft limit (Docker tries to maintain this when there is memory contention on the node)

9
Q

What is MTLS in Docker Swarm?

A

Mutually Authenticated Transport Layer Security

10
Q

How to rotate the Docker Swarm CA cert?

A

docker swarm ca --rotate

11
Q

How to create a secret in Docker?

A

docker secret create my_secret file_name.txt

12
Q

How to add a secret to a container when running?

A

docker run --name my_container --secret my_secret nginx:latest

13
Q

How to ensure that the image you are pulling has not been intercepted and changed by a man in the middle?

A

Use Docker Content Trust

14
Q

How to enable Docker Content Trust?

A

By setting the host environment variable:

DOCKER_CONTENT_TRUST=1

15
Q

What are capabilities in terms of Linux and Docker?

A

Built-in Linux capabilities that allow certain privileged operations, such as chown and making files immutable

16
Q

How to add capabilities to a container that are not enabled by default?

A

docker run --name my_container --cap-add LINUX_IMMUTABLE ubuntu

17
Q

What are privileged containers?

A

Allows containers to have more access to the underlying host

18
Q

How to run a container as privileged?

A

docker run --privileged --name my_container ubuntu

19
Q

Other than adding capabilities to a container one by one, how can we run a container with nearly all the capabilities of the host?

A

Run the container as privileged