DCA Question #164: Real Exam Question with Answer & Explanation

The correct answer is C: 'docker run --privileged'. The docker run --privileged flag grants a container extensive host capabilities, effectively lifting most cgroup and security limitations.

Submitted by jaden.t· Apr 18, 2026Security

Question

Which 'docker run' flag lifts cgroup limitations?

Options

A'docker run --isolation'
B'docker run --cap-drop'
C'docker run --privileged'
D'docker run --cpu-period'

Explanation

The docker run --privileged flag grants a container extensive host capabilities, effectively lifting most cgroup and security limitations.

Common mistakes.

A. --isolation is used on Windows to specify the isolation technology and does not directly lift Linux cgroup limitations.
B. --cap-drop is used to remove specific Linux capabilities from a container, which increases restrictions rather than lifting them.
D. --cpu-period is a cgroup parameter used to define CPU resource limits, not to lift them.

Concept tested. Docker container runtime privileges

Reference. https://docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities

Topics

#docker run#privileged mode#cgroups#container security

Community Discussion

No community discussion yet for this question.

Full DCA Practice Browse All DCA Questions