Securing Windows Server 2016 — Question 164

You have a server named Server1 that runs Windows Server 2016.
You install Docker on Server1 and download a Docker image.
You need to start a new container from the image. The solution must prevent the processes that run in the container from being accessible to Server1.
Which parameter should you specify when you run the docker run command?

Answer options

• A. --expose
• B. --runtime
• C. --entrypoint
• D. --isolation

Correct answer: D

Explanation

The correct option is D, --isolation, because it specifies the isolation level for the container, effectively keeping its processes separate from the host system. The other options do not provide the necessary isolation; --expose is used for port mapping, --runtime specifies the container runtime, and --entrypoint defines the command to run in the container.