Which statement best describes the role of Docker Bench in security testing?

• A. It tests network performance under Docker
• B. It patches vulnerabilities automatically
• C. It scans Docker configurations for common misconfigurations
• D. It monitors container runtime logs for anomalies

Answer: (C)

Docker Bench for Security is an auditing tool that checks a Docker host’s configuration against established security benchmarks (such as the CIS Docker Benchmark). It looks at the daemon and container runtime settings, host-level configurations, and related security controls to identify misconfigurations that could weaken isolation or enable privilege escalation. This is why the best description is that it scans Docker configurations for common misconfigurations—detecting issues like running containers with privileged access, unsafe capabilities, non-read-only filesystems, or improper user and logging setups. It does not test network performance, automatically patch vulnerabilities, or monitor runtime logs for anomalies, which are not the tool’s primary focus.