5 exercises on advanced containerization vocabulary.
0 / 5 completed
1 / 5
What is a multi-stage Docker build and why is it used?
Multi-stage build: separates the build environment (compilers, test tools, source code) from the runtime image. The final stage copies only compiled artifacts, dramatically reducing image size and the attack surface.
2 / 5
What is a container layer in Docker's image model?
Layer: each instruction (RUN, COPY, etc.) creates an immutable layer on top of the previous one. Layers are content-addressed and cached. Ordering instructions from least to most frequently changed maximizes cache reuse.
3 / 5
Why should containers run as a non-root user?
Non-root container: running as root inside a container escalates privileges if there is a container escape vulnerability. Adding a non-root USER in the Dockerfile is a defense-in-depth measure for production security.
4 / 5
What is the purpose of a Docker health check?
HEALTHCHECK: a command the runtime runs periodically inside the container. If it fails repeatedly, the container is marked unhealthy and orchestrators like Kubernetes can route traffic away and restart it.
5 / 5
What does copy-on-write (CoW) mean in the context of container storage?
CoW: the container layer sits on top of read-only image layers. When a process writes to a file, only then is it copied into the writable layer. This lets many containers share layers without duplication until a write occurs.