Q46 of 60 — CCA Practice Exam

Structured Data Extraction

Your team has deployed a structured data extraction pipeline using Claude Code inside a Docker-based CI environment. To avoid constant permission prompts, the sandbox is configured with enableWeakerNestedSandbox mode and allowUnixSockets pointing to /var/run/docker.sock so the extraction agent can spin up ephemeral containers for processing PDFs. A security audit flags this setup as high-risk. Which specific combination of sandbox configuration choices is creating the most serious compound vulnerability?

A. enableWeakerNestedSandbox reduces filesystem and network isolation, and allowing /var/run/docker.sock via allowUnixSockets effectively grants the agent host-level access — together these eliminate both the OS-level sandbox boundary and the container boundary simultaneously.

B. Running Claude Code inside Docker without privileged namespaces prevents filesystem writes, so the agent cannot persist extracted data — the fix is to grant broader filesystem write permissions to the output directories.

C. The network filtering proxy does not inspect traffic content, so any allowed domain could exfiltrate extracted data — the fix is to increase max_tokens so the agent batches more data per request, reducing the number of outbound connections.

D. enableWeakerNestedSandbox is only a risk on macOS; on Linux the sandbox implementation is strong enough that allowing /var/run/docker.sock poses no additional escalation risk in Docker environments.