Certified Application Security Engineer – .NET (CASE-.NET) — Question 2

Thomas McInerney has been working as a senior DevSecOps engineer in an IT company that develops software products and web applications related to the healthcare sector. His organization deployed various applications in Docker containers. Thomas’ team leader would like to prevent a container from gaining new privileges. Therefore, he asked Thomas to set no_new_priv bit, which functions across clone, execve, and fork to prevent a container from gaining new privileges. Which of the following commands should Thomas use to list out security options for all the containers?

Answer options

• A. docker ps --quiet --all | xargs docker inspect --format ‘:SecurityOpt’
• B. docker ps --quiet --all | xargs docker inspect --format ‘:SecurityOpt=’
• C. docker ps -quiet -all | xargs docker inspect --format ‘:SecurityOpt’
• D. docker ps -quiet -all | xargs docker inspect --format ‘:SecurityOpt=’

Correct answer: A

Explanation

The correct command is A because it accurately lists the security options for all containers using the right syntax and flags. Option B incorrectly uses an equals sign, which is not necessary for this command. Options C and D contain a syntax error with the missing hyphen in 'quiet', making them invalid commands.