The SecOps Group CAP Exam - Topic 16 Question 106 Discussion

A docker-compose.yml file is a YAML-formatted configuration file used with Docker Compose, a tool for defining and running multi-container Docker applications. Its primary significance lies in orchestrating the deployment of Docker containers by specifying services (e.g., web server, database), networks (e.g., internal communication), and volumes (e.g., persistent storage). An exposed docker-compose.yml file poses a security risk because it may reveal sensitive configuration details, such as service names, ports, environment variables (e.g., database credentials), and network settings, which attackers could exploit to target the application.

Option A ('The docker-compose.yml file is a YAML file that contains the application source code'): Incorrect, as this file defines configuration and orchestration, not source code.

Option B ('The docker-compose.yml file is a YAML file that contains the server logs and user session information...'): Incorrect, as logs and session data are stored elsewhere (e.g., in container logs or databases), not in docker-compose.yml.

Option C ('The docker-compose.yml file is a YAML file that is used to define the services, networks, and volumes...'): Correct, as it accurately describes the file's purpose and content, including configuration and dependencies, which are critical for Docker applications.

Option D ('The docker-compose.yml file is a YAML file that contains the configuration of load balancers and firewalls'): Incorrect, as it focuses only on load balancers and firewalls, which are specific components and not the primary focus of the file.

The correct answer is C, aligning with the CAP syllabus under 'Container Security' and 'Configuration Management.'