Docker made containers mainstream, and container fundamentals come up in nearly every DevOps, cloud and backend interview. This 2026 guide groups the most common Docker interview questions from fundamentals to real scenarios.
Docker Fundamentals
What is Docker and why use it?
Docker is a platform for building, shipping and running applications in containers — lightweight, isolated environments that package an app with its dependencies so it runs the same everywhere.
How is a container different from a virtual machine?
A VM virtualizes hardware and runs a full guest OS; a container shares the host kernel and isolates only the process (via namespaces and cgroups). Containers are smaller, start in milliseconds and use fewer resources.
What is the difference between an image and a container?
An image is a read-only template (built from a Dockerfile); a container is a running (or stopped) instance of an image with a writable layer on top.
What is a registry?
A store for images — e.g., Docker Hub, Amazon ECR, GitHub Container Registry. You push and pull images to and from it.
Common Commands
docker build -t name:tag .— build an image from a Dockerfile.docker run— start a container (with flags like-d,-p,-e,-v).docker ps/docker ps -a— list running / all containers.docker exec -it <c> sh— run a command inside a container.docker logs <c>— view container logs.
Dockerfile
What is the difference between CMD and ENTRYPOINT?
ENTRYPOINT sets the fixed executable; CMD sets default arguments (or a default command). Use ENTRYPOINT for the binary and CMD for overridable defaults.
What is the difference between COPY and ADD?
Both copy files in; ADD additionally can fetch URLs and auto-extract local tar archives. Prefer COPY unless you specifically need ADD's extras.
What are image layers and how does caching work?
Each Dockerfile instruction creates a layer. Docker caches layers and reuses them if the instruction and its inputs are unchanged — so order instructions from least to most frequently changing (e.g., install dependencies before copying source) to maximize cache hits.
What is a multi-stage build?
A Dockerfile with multiple FROM stages where you build in one stage and copy only the artifacts into a small final image — dramatically reducing image size and attack surface.
Networking and Storage
What Docker network types exist?
bridge (default, isolated per host), host (shares the host network), none (no networking), and user-defined networks for container-to-container DNS.
How do you persist data in Docker?
Use volumes (managed by Docker, preferred) or bind mounts (map a host path). The container's writable layer is ephemeral and lost when the container is removed.
Docker Compose
What is Docker Compose?
A tool to define and run multi-container applications from a single YAML file (docker-compose.yml) — one command brings up all services, networks and volumes.
Best Practices
- Use small base images (alpine/distroless) and multi-stage builds.
- Run as a non-root user and add a
.dockerignore. - Pin image versions; one main process per container.
- Don't bake secrets into images — pass them at runtime.
Scenario Questions
- Image is too large: use multi-stage builds, a smaller base, and combine/clean up layers.
- Container exits immediately: check
docker logs, the CMD/ENTRYPOINT, and whether the main process stays in the foreground. - Data lost on restart: mount a volume for stateful data.
Keep Learning
Pair this with our EKS, AKS & GKE, Terraform and Linux for DevOps guides, the full interview-questions library, and DevOps training.
