Back to Subject

Unit 2 - Practice Quiz

INT332 60 Questions
0 Correct 0 Wrong 60 Left
0/60

1 Which Dockerfile instruction is used to set the base image for subsequent instructions?

Docker file Core Concepts: Basic instructions ( FROM, RUN, COPY, ADD, CMD, ENTRYPOINT, WORKDIR, ENV, EXPOSE, VOLUME etc) Easy
A. INIT
B. BASE
C. START
D. FROM

2 Which instruction sets the working directory for any RUN, CMD, ENTRYPOINT, COPY, and ADD instructions that follow it in the Dockerfile?

Docker file Core Concepts: Basic instructions ( FROM, RUN, COPY, ADD, CMD, ENTRYPOINT, WORKDIR, ENV, EXPOSE, VOLUME etc) Easy
A. DIR
B. CD
C. PATH
D. WORKDIR

3 How do you define environment variables inside a Dockerfile?

Docker file Core Concepts: Basic instructions ( FROM, RUN, COPY, ADD, CMD, ENTRYPOINT, WORKDIR, ENV, EXPOSE, VOLUME etc) Easy
A. EXPORT
B. ENV
C. SET
D. VAR

4 Which file is used to exclude files and directories from being sent to the Docker daemon as part of the build context?

Docker file Core Concepts: Build context & .dockerignore Easy
A. docker-exclude.txt
B. ignore.docker
C. .gitignore
D. .dockerignore

5 What is the primary command used to build a Docker image from a Dockerfile?

Image Creation in Detail: docker build process Easy
A. docker build
B. docker make
C. docker compile
D. docker create

6 In Docker, what is created every time a RUN, COPY, or ADD instruction is executed in a Dockerfile?

Docker file Core Concepts: Image layering Easy
A. A new container
B. A new volume
C. A new network
D. A new image layer

7 Which flag is used with the docker build command to name and optionally tag an image?

Image Creation in Detail: Images Tagging /versioning Easy
A. -tag
B. -t
C. -name
D. -n

8 Which command allows you to see the intermediate layers and creation steps of a Docker image?

Image Creation in Detail: Inspecting images (history, layers) Easy
A. docker history
B. docker layers
C. docker logs
D. docker inspect

9 What is the default network driver for newly created standalone Docker containers?

Docker Networking: Bridge network Easy
A. host
B. overlay
C. macvlan
D. bridge

10 Which Docker network driver is primarily used to connect multiple Docker daemons together, allowing swarm services to communicate?

Docker Networking: Host & overlay networks Easy
A. none
B. host
C. overlay
D. bridge

11 Which flag is used in the docker run command to map a port on the host machine to a port inside the container?

Docker Networking: Port mapping between host and container Easy
A. -e
B. -m
C. -v
D. -p

12 Which Docker storage option is completely managed by Docker and is the preferred way to persist data?

Docker Storage: Volumes vs bind mounts Easy
A. tmpfs mounts
B. Volumes
C. Bind mounts
D. Host mounts

13 Which storage mechanism relies on the directory structure of the host machine by mounting a specific host path into a container?

Docker Storage: Volumes vs bind mounts Easy
A. OverlayFS
B. Bind mounts
C. tmpfs mounts
D. Volumes

14 What strategy does Docker use to share image layers and maximize storage efficiency when running containers?

Docker Storage: Copy-on-write mechanism Easy
A. Data duplication
B. Deep copying
C. Copy-on-write (CoW)
D. Read-only cloning

15 What is the name of the default public registry where Docker looks for images if no custom registry URL is provided?

Registries: Docker Hub Easy
A. GitHub Container Registry
B. Google Container Registry
C. Amazon ECR
D. Docker Hub

16 Which command is used to authenticate and log in to a Docker registry?

Registries: Authentication & access tokens Easy
A. docker signin
B. docker credential
C. docker login
D. docker auth

17 Which Dockerfile instruction functions as documentation to inform users about the network ports the container will listen on at runtime?

Docker file Core Concepts: Basic instructions ( FROM, RUN, COPY, ADD, CMD, ENTRYPOINT, WORKDIR, ENV, EXPOSE, VOLUME etc) Easy
A. LISTEN
B. NETWORK
C. PORT
D. EXPOSE

18 What is the primary difference between the COPY and ADD instructions in a Dockerfile?

Docker file Core Concepts: Basic instructions ( FROM, RUN, COPY, ADD, CMD, ENTRYPOINT, WORKDIR, ENV, EXPOSE, VOLUME etc) Easy
A. There is no difference; they are aliases.
B. COPY can only copy from URLs, while ADD copies local files.
C. ADD creates a new volume, while COPY does not.
D. ADD can extract local tar files and fetch remote URLs, while COPY only copies local files.

19 How do containers running on the same custom user-defined bridge network resolve each other's IP addresses?

Docker Networking: DNS inside Docker Easy
A. By broadcasting ARP requests continuously
B. Using the host's /etc/hosts file
C. They cannot resolve each other without external DNS
D. By using Docker's internal DNS server with container names

20 Which Dockerfile instruction is typically used to provide default arguments or the default executable for a running container?

Docker file Core Concepts: Basic instructions ( FROM, RUN, COPY, ADD, CMD, ENTRYPOINT, WORKDIR, ENV, EXPOSE, VOLUME etc) Easy
A. RUN
B. EXEC
C. START
D. CMD

21 In a Dockerfile, both COPY and ADD can be used to add files to an image. In which of the following scenarios is ADD specifically required over COPY?

Basic instructions ( FROM, RUN, COPY, ADD, CMD, ENTRYPOINT, WORKDIR, ENV, EXPOSE, VOLUME etc) Medium
A. When copying files from a previous stage in a multi-stage build.
B. When you need to change the file permissions (using the --chown flag) during the transfer.
C. When you want to extract a local tar archive automatically into the destination directory.
D. When you need to copy a local directory and all its subdirectories into the image.

22 A Dockerfile contains ENTRYPOINT ["python", "app.py"] and CMD ["--help"]. What happens if you run the container using the command docker run my-image --port 8080?

Basic instructions ( FROM, RUN, COPY, ADD, CMD, ENTRYPOINT, WORKDIR, ENV, EXPOSE, VOLUME etc) Medium
A. The container executes python app.py --port 8080, overriding the default CMD.
B. The container executes python app.py --help --port 8080.
C. The container executes --port 8080 and ignores the ENTRYPOINT entirely.
D. The container fails to start because ENTRYPOINT and CMD cannot be used together.

23 You are building a Docker image and notice the build process is sending 2GB of data to the Docker daemon, slowing it down. The large files are in a local ./data folder that is not needed inside the image. What is the most efficient way to resolve this?

Build context & .dockerignore Medium
A. Use docker build --ignore ./data . to exclude the directory.
B. Remove the COPY ./data /app/data instruction from the Dockerfile.
C. Mount the ./data directory as a volume at runtime instead of copying it.
D. Add data/ to a .dockerignore file in the build context directory.

24 A developer is writing code locally and wants the changes to reflect immediately inside a running container without rebuilding the image. Which storage mechanism is most appropriate?

Docker Storage: Volumes vs bind mounts, backing data on host Medium
A. An anonymous volume
B. A bind mount
C. A named Docker volume
D. The container's writable top layer

25 You want to run a web server container and map the host's port $8080$ to the container's port $80$. Which of the following docker run flags correctly achieves this?

Port mapping between host and container Medium
A. --expose 8080:80
B. -P 8080:80
C. -p 80:8080
D. -p 8080:80

26 In Docker's storage architecture, what happens when a running container needs to modify an existing file that originated from the underlying read-only image layers?

Copy-on-write mechanism Medium
A. The container crashes with a read-only filesystem error.
B. The file is copied from the read-only layer into the container's writable layer before being modified.
C. The file is modified directly in the read-only layer, but only temporarily in memory.
D. A new anonymous volume is automatically created to store the modified file.

27 To optimize a Dockerfile and reduce the final image size, a developer changes three separate RUN instructions (e.g., apt-get update, apt-get install, rm -rf /var/lib/apt/lists/*) into a single RUN instruction chained with &&. Why does this reduce the image size?

Image layering Medium
A. It prevents Docker from caching the intermediate build steps.
B. It compresses the filesystem using gzip before creating the final image.
C. It allows the Docker daemon to skip the .dockerignore file processing.
D. It combines the operations into a single layer, ensuring temporary files deleted in the same command don't persist in hidden lower layers.

28 After successfully running docker login to authenticate with a private registry, where does Docker by default store the authentication credentials or tokens on a Linux host?

Authentication & access tokens Medium
A. /var/lib/docker/credentials
B. ~/.ssh/docker_rsa
C. ~/.docker/config.json
D. /etc/docker/daemon.json

29 Which Docker network driver is best suited for communication between standalone containers running on different Docker daemon hosts within a Swarm cluster?

Host & overlay networks Medium
A. bridge
B. overlay
C. host
D. macvlan

30 Consider the following Dockerfile snippet:
dockerfile
WORKDIR /app
WORKDIR src
WORKDIR bin
RUN pwd

What will be the output of the RUN pwd command during the build process?

Basic instructions ( FROM, RUN, COPY, ADD, CMD, ENTRYPOINT, WORKDIR, ENV, EXPOSE, VOLUME etc) Medium
A. /bin
B. /src/bin
C. /app/src/bin
D. /app/bin

31 You want to analyze an existing Docker image to see the exact commands that were used to build it, layer by layer, along with the size of each layer. Which command should you use?

Inspecting images (history, layers) Medium
A. docker image history <image>
B. docker logs <image>
C. docker inspect <image>
D. docker ps -a --layers

32 Two containers, web and db, are attached to the default bridge network. The web container tries to ping the db container using its name (ping db). What will happen and why?

DNS inside Docker Medium
A. The ping succeeds because the default bridge network automatically provides DNS resolution between containers.
B. The ping fails because ICMP traffic is blocked by Docker's default iptables rules.
C. The ping succeeds because port 53 (DNS) is always exposed by default in all containers.
D. The ping fails because the default bridge network does NOT support automatic DNS resolution by container name.

33 When tagging an image to push to the GitHub Container Registry (GHCR), what is the correct prefix format required for the repository name?

GitHub Container Registry (GHCR) Medium
A. ghcr.io/<username>/<image>:<tag>
B. github.com/<username>/<image>:<tag>
C. registry.github.com/<username>/<image>:<tag>
D. docker.pkg.github.com/<username>/<image>:<tag>

34 You have an image with the ID a1b2c3d4 tagged as myapp:v1. You execute docker tag myapp:v1 myapp:latest. What is the result regarding the image layers and storage?

Images Tagging /versioning Medium
A. A new top writable layer is added to the image to differentiate the versions.
B. The myapp:v1 tag is renamed to myapp:latest, removing the original v1 tag.
C. A complete duplicate of the image is created, consuming twice the storage space.
D. A new reference (tag) is created pointing to the exact same image ID, consuming no additional storage space.

35 What is the primary difference between the ARG and ENV instructions in a Dockerfile?

Basic instructions ( FROM, RUN, COPY, ADD, CMD, ENTRYPOINT, WORKDIR, ENV, EXPOSE, VOLUME etc) Medium
A. ARG variables are only available during the build process, whereas ENV variables persist in the final image and are available at runtime.
B. There is no difference; they are aliases for the exact same functionality.
C. ARG variables are available during both build time and container runtime, while ENV variables are only available at runtime.
D. ARG defines a command to run at startup, while ENV defines network ports.

36 You need to back up the data stored in a Docker named volume called db_data. Which of the following approaches is standard practice for backing up a Docker volume?

Docker Storage: Volumes vs bind mounts, backing data on host Medium
A. Use docker volume backup db_data > backup.tar.
B. Copy the /var/lib/docker/volumes/db_data directory directly while the database container is actively writing to it.
C. Export the running database container using docker export db_container > db_data.tar.
D. Run a temporary container, mount db_data into it, and use tar to archive the contents to a bind-mounted host directory.

37 A developer includes the instruction EXPOSE 80 in their Dockerfile. What is the immediate effect of this instruction when a container is run from this image without any port mapping flags?

Basic instructions ( FROM, RUN, COPY, ADD, CMD, ENTRYPOINT, WORKDIR, ENV, EXPOSE, VOLUME etc) Medium
A. It maps container port 80 to host port 80 automatically.
B. It functions purely as documentation and does not publish the port to the host.
C. It publishes port 80 to a random high port on the host network interfaces.
D. It opens port 80 on the host machine's firewall.

38 If a container is started with the flag --network host, what happens to any port mapping instructions (like -p 8080:80) passed in the docker run command?

Host & overlay networks Medium
A. Docker returns an error preventing the container from starting.
B. The port mapping is ignored because the container shares the host's networking namespace.
C. The container maps port 8080 to the internal Docker bridge instead of the host.
D. The port mapping is applied exactly as specified.

39 When setting up a private Docker registry internally, a company uses the official registry:2 Docker image. If they do not configure TLS (HTTPS), what step must client machines take to push or pull images from this registry?

Private registries Medium
A. Generate self-signed SSH keys and upload them to the registry container.
B. Configure the client's Docker daemon to trust the registry by adding it to the insecure-registries list.
C. Use the --force-http flag with every docker push and docker pull command.
D. It is impossible; Docker daemons strictly refuse to connect to HTTP registries under any circumstance.

40 Why is running the command docker build -t myapp:1.0 . from the root directory of a host machine (i.e., /) considered highly dangerous and inefficient?

docker build process Medium
A. It sends the entire host filesystem to the Docker daemon as the build context.
B. It instantly overwrites the host's bootloader with Docker's internal bootloader.
C. It runs all subsequent Docker containers as the root user permanently.
D. It forces Docker to use the host's root networking namespace instead of the bridge network.

41 A Dockerfile contains the following two instructions:
ENTRYPOINT echo "Hello"
CMD ["World"]
What will be the output when a container is run from this image without any additional command-line arguments?

Docker file Core Concepts: Basic instructions ( FROM, RUN, COPY, ADD, CMD, ENTRYPOINT, WORKDIR, ENV, EXPOSE, VOLUME etc) Hard
A. Hello World
B. World
C. Hello
D. An error will occur because shell form and exec form cannot be mixed.

42 You execute docker build -t myapp . in a directory containing a 10GB file named data.bin. The .dockerignore file contains the line data.bin. The Dockerfile contains the instruction COPY . /app. Which of the following statements is true regarding the build process?

Docker file Core Concepts: Build context & .dockerignore Hard
A. The 10GB file is completely ignored by the CLI and is never sent to the Docker daemon, significantly speeding up the build context transfer.
B. The build fails because a file specified in .dockerignore cannot be present in the directory where docker build is executed.
C. The 10GB file is sent to the Docker daemon, increasing build context time, but it is not copied into the /app directory.
D. The 10GB file is sent to the Docker daemon and copied to /app, because COPY . overrides the .dockerignore file.

43 Consider the following Dockerfile snippet:
dockerfile
VOLUME /data
RUN echo "test" > /data/test.txt

What will be the state of /data/test.txt when a container is started from the resulting image?

Docker file Core Concepts: Basic instructions ( FROM, RUN, COPY, ADD, CMD, ENTRYPOINT, WORKDIR, ENV, EXPOSE, VOLUME etc) Hard
A. The file will not exist in the final image's /data directory.
B. The build will fail because you cannot write to a volume during the build process.
C. The file will exist, but its contents will be empty.
D. The file will contain "test" because RUN executes during the build phase.

44 You mount an empty host directory to a container directory using a bind mount (-v /empty/host/dir:/app/data), and you mount an empty Docker volume to another container directory (-v my_empty_volume:/app/config). Both /app/data and /app/config already contain files in the underlying container image. What happens to the pre-existing files in both container directories?

Docker Storage: Volumes vs bind mounts Hard
A. Files in both /app/data and /app/config are hidden and replaced by the empty host directory and volume.
B. Files in /app/data are hidden. Files in /app/config are copied into my_empty_volume and remain visible.
C. Files in both directories are copied to their respective mounts and remain visible.
D. Files in /app/config are hidden. Files in /app/data are copied to the host directory and remain visible.

45 Why can containers attached to a user-defined bridge network resolve each other by container name, while containers on the default bridge network cannot?

Docker Networking: DNS inside Docker Hard
A. The default bridge network isolates all containers at Layer 2, preventing any IP-based resolution.
B. User-defined networks automatically append .local to container names, which the host DNS daemon resolves.
C. The default bridge network lacks an embedded DNS server; it relies on legacy /etc/hosts mapping via the --link flag.
D. The Docker daemon disables ICMP traffic on the default bridge network, causing DNS queries to drop.

46 A container is running from an image where Layer A (bottom) has file.txt (10MB) and Layer B (top) deletes file.txt. During runtime, a process in the container creates a new file.txt (5MB). How does the Union File System handle the storage size on disk for this specific sequence?

Docker Storage: Copy-on-write mechanism Hard
A. The disk uses 5MB: the new file completely overwrites Layer A's data on disk.
B. The disk uses 0MB: the top layer's deletion prevents any new file with the same name from being written.
C. The disk uses 10MB: the UnionFS dynamically replaces the lower layer file without consuming extra space.
D. The disk uses 15MB: 10MB in Layer A and 5MB in the writable container layer.

47 Consider a Node.js application Dockerfile. Which sequence of instructions optimally utilizes Docker's layer caching to prevent reinstalling dependencies unless package.json changes?

Docker file Core Concepts: Image layering Hard
A. COPY src/ /app/src/
COPY package*.json /app/
WORKDIR /app
RUN npm install
B. COPY . /app
WORKDIR /app
RUN npm install
C. WORKDIR /app
COPY package*.json ./
RUN npm install
COPY . .
D. WORKDIR /app
RUN npm install
COPY package*.json ./
COPY . .

48 In a multi-stage Docker build, you have three stages: builder, tester, and the final stage. You want to copy a binary from the builder stage, but you forgot to name the stage using AS builder. The builder is the first FROM instruction. How can you validly copy the binary into the final stage?

Image Creation in Detail: docker build process Hard
A. COPY --from=builder /app/bin /usr/local/bin (Docker auto-infers names based on image types)
B. COPY --from=1 /app/bin /usr/local/bin
C. It is impossible; unnamed stages cannot be referenced in subsequent COPY instructions.
D. COPY --from=0 /app/bin /usr/local/bin

49 When a developer executes docker login to a private registry on a Linux system without configuring an external credential helper, how are the credentials stored by default?

Registries: Authentication & access tokens Hard
A. They are hashed using SHA-256 and stored in /etc/docker/daemon.json.
B. They are stored as plaintext in environment variables DOCKER_PASS.
C. They are stored in ~/.docker/config.json as a base64 encoded string, which provides no cryptographic security.
D. They are securely encrypted using the host's TPM module and stored in ~/.docker/credentials.db.

50 What is the precise definition of a 'dangling image' in Docker, and how is it typically created?

Image Creation in Detail: Images Tagging /versioning Hard
A. An image that relies on a parent image that has been removed from the Docker daemon.
B. An image that has no repository name or tag (shows as <none>:<none>); created when a new image is built and overwrites an existing tag.
C. An image layer that has been manually deleted from the host filesystem but still exists in Docker's database.
D. An image that has crashed during runtime; created when a container exits with a non-zero status code.

51 You are deploying a container on a Docker Swarm using an overlay network. You need to ensure that the data-plane traffic (payload) between containers across different nodes is encrypted. How is this achieved?

Docker Networking: Host & overlay networks Hard
A. Overlay network traffic is encrypted by default using mTLS; no further action is required.
B. By setting the --opt encrypted flag when creating the overlay network, which implements IPSec tunneling.
C. By using a Macvlan network instead, as overlay networks do not support data-plane encryption.
D. By configuring the Docker daemon's tlsverify option and providing SSL certificates.

52 A container runs a database listening on port 5432. You start it with docker run -p 5432:5432 my-db. You notice the database is accessible from the public internet. What is the most secure way to modify the -p flag so it is only accessible from the host machine itself?

Docker Networking: Port mapping between host and container Hard
A. -p localhost:5432
B. -p 5432:5432/tcp --internal
C. -p 0.0.0.0:5432:5432
D. -p 127.0.0.1:5432:5432

53 What is a primary difference between the COPY and ADD instructions regarding remote URLs and compressed archives?

Docker file Core Concepts: Basic instructions ( FROM, RUN, COPY, ADD, CMD, ENTRYPOINT, WORKDIR, ENV, EXPOSE, VOLUME etc) Hard
A. ADD can download from remote URLs, but will only auto-extract local tar archives. COPY only works with local files and does not extract.
B. ADD can download from remote URLs and will automatically extract remote tar archives. COPY cannot.
C. COPY can download from remote URLs, but ADD cannot. Neither can auto-extract archives.
D. COPY and ADD behave identically, but ADD is deprecated in multi-stage builds.

54 You are writing a Dockerfile and need to pass a variable that is available during the build process but should NOT persist in the final image as an environment variable to prevent leaking sensitive build tokens. Which instruction should you use?

Docker file Core Concepts: Dockerfile writing Hard
A. ARG
B. SET
C. ENV
D. EXPORT

55 When inspecting an image with docker image history <image>, you notice several layers have <missing> listed under the IMAGE ID column. What does this indicate?

Image Creation in Detail: Inspecting images (history, layers) Hard
A. The image is corrupted, and those specific layers were lost from the local filesystem.
B. The layers were built on another system and pulled locally, or were generated by BuildKit which does not assign standalone IDs to intermediate layers.
C. The base image was deleted, leaving orphaned child layers.
D. The layers contain empty instructions (like ENV or LABEL) which do not consume disk space.

56 You want to mount an NFS share directly as a Docker volume. Which of the following commands correctly creates a Docker volume backed by NFS using the local driver?

Docker Storage: backing data on host Hard
A. docker volume create --driver local --opt type=nfs --opt o=addr=192.168.1.100,rw --opt device=:/path/to/dir myvol
B. docker volume create --type nfs --server 192.168.1.100 --share /path/to/dir myvol
C. docker run -v nfs://192.168.1.100:/path/to/dir:/data myapp
D. docker volume create --driver nfs --name myvol

57 A developer wants to push an image to the GitHub Container Registry (GHCR). If their GitHub username is octocat and the image is app-backend, what is the strictly correct fully qualified image tag format they must use?

Registries: GitHub Container Registry (GHCR) Hard
A. docker.pkg.github.com/octocat/app-backend:latest
B. ghcr.io/octocat/app-backend:latest
C. github.com/octocat/app-backend:latest
D. registry.github.com/octocat/app-backend:latest

58 A container needs to be completely isolated from the host network stack, have its own MAC address, and appear as a distinct physical device on the local network (e.g., pulling an IP directly from the physical router's DHCP). Which network driver MUST be used?

Docker Networking: Bridge network Hard
A. macvlan
B. host
C. overlay
D. bridge

59 In legacy Docker configurations, the --link flag was used to allow containers to communicate. What happens at the host OS level when containerA is linked to containerB using --link containerB:aliasB?

Docker Networking: Linking containers Hard
A. Docker securely shares containerB's environment variables with containerA and adds an entry to containerA's /etc/hosts file.
B. Docker modifies the iptables rules to forward all traffic from containerA's namespace to containerB's namespace.
C. Docker creates an IPSec tunnel between the two containers.
D. Docker places both containers in the same network namespace, sharing the same IP address.

60 Assume a Docker image has 5 layers. A container is spawned from this image. The application inside the container attempts to read a file located in the 3rd layer (counting from the bottom). How does the storage driver resolve this read operation?

Docker file Core Concepts: Image layering Hard
A. It fails the read operation unless the file is explicitly exposed using the VOLUME instruction.
B. It copies the file from the 3rd layer to the top writable container layer before allowing the read operation.
C. It reads the file from the host's kernel memory space, which caches all container filesystems uniformly.
D. It reads directly from the 3rd layer because all image layers are continuously mounted and merged into a unified view by the Union File System.
Previous MCQ
Unit 1
Next MCQ
Unit 3