DCA_2023_May
![]() |
![]() |
![]() |
Title of test:![]() DCA_2023_May Description: Docker-certification |




New Comment | ||
---|---|---|
| ||
END OF LIST |
Which of the following commands wifi automatically create a volume when a container is started?. 'docker container run --name nginxtest --volumes=/app nginx'. 'docker container run --name nginxtest -v /app:mount nginx'. 'docker container run --name nginxtest --volumes myvol:/app:new nginx'. 'docker container run --name nginxtest -v myvol:/app nginx'. Which one of the following commands will show a list of volumes for a specific container?. 'docker container logs nginx--volumes'. 'docker container inspect nginx'. 'docker volume inspect nginx'. 'docker volume logs nginx --containers'. Which of the following constitutes a production-ready device mapper configuration for the Docker engine?. Create a volume group in device map per and utilize the'--dm.thinpooldev' Dockerdaemon option, specifying the volumegroup. Format a partition with xfs and mount it at '/var/lib/docker'. Utilize the'--storage-optdm.directlvm_device' Dockerdaemon option, specifying a block device. Nothing, device mapper comes ready for production usage out of the box. Which one of the following commands will result in the volume being removed automatically once the container has exited?. 'docker run --del -v /foobusybox'. 'docker run --read-only -v /foobusybox'. 'docker run --rm -v /foobusybox'. 'docker run --remove -v /foobusybox'. A container named"analytics" that stores results in a volume called "data" was created. docker run -d --name=analytics -v data:/data app1 How are the results accessed in "data" with another container called "app2"?. docker run -d --name=reports --volume=data app2. docker run -d --name=reports --volumes-from=analytics app2. docker run -d --name=reports --volume=app1 app2. docker run -d --name=reports --mount=app1 app2. A server is running low on disk space. What command can be used to check the disk usage of images, containers, and volumes for Dockerengine?. 'docker system df'. 'docker system prune'. 'docker system free'. 'docker system ps'. Which of the following are types of namespaces used by Docker to provide isolation? (Choose 2.). Host. Network. Process ID. Authentication. Storage. Which of the following namespaces is disabled by default and must be enabled at Dockerengine runtime in order to be used?. user. pid. net. mnt. Which of the following statements is true about secrets?. Secrets can be created from any node in the cluster. Secrets can be modified after they are created. Secret are stored unencrypted on manager nodes. Secrets can be created using standard input (STDIN) and a file. Following the principle of least privilege, which of the following methods can be used to securely grnt access to the specific user to communicate to a Docker engine? (Choose two.). Utilize the '--host 0.0.0.0:2375' option to the Docker daemon to listen on port 2375 over TCP on all interfaces. Utilize open ssl to create TLSclient and server certificates, configuring the Docker engine to use with mutual TLS over TCP. Utilize the '--host 127.0.0.1:2375' option to the Docker daemon to listen on port 2375 over TCP on localhost. Give the user root access to the server to allow them to run Docker commands as root. Add the user to the 'docker' group on the server or specify the group with the'--group' Docker daemon option. Which of the following is supported by control groups?. Manage certificates. Collect net. Limit CPU usage within a container. Isolate processes in a container. What is the purpose of Docker Content Trust?. Signing and verification of imagetags. Enabling mutual TLS between the Docker client and server. Docker registry TLS verification and encryption. Indicating an image on Docker Hub is an official image. What is the purpose of a client bundle in the Universal Control Plane?. Authenticate a user using client certificates to the Universal Control Plane. Provide a new user instructions for how to login to the Universal Control Plane. Provide a user with a Docker client binary compatible with the Universal Control Plane. Group multiple users in a team in the Universal Control Plane. When using the Docker client to push an image to a registry, what environment variable is used to instruct the client to perform signing of the image?. DOCKER_CONTENT_TRUST=1. DOCKER_IMAGE_SIGN=1. DOCKER_PUSH_SIGN=1. NOTARY_ENABLE=1 Correct. You have created a Dockerbridge network on a host with three containers attached, how do you make this containers accessible outside of the host?. Use network attach to access the containers on the bridge network. Use either EXPOSE or --publish to access the containers on the bridge network. Use network connect to access the containers on the bridge network. Use --link to access the containers on the bridge network Correct. Which of the following commands will ensure that overlay traffic between service tasks is encrypted?. docker service create --network <network-name> --secure <service-name>. docker network create -d overlay --secure <network-name>. docker network create -d overlay -o encrypted=true <network-name>. docker service create --network <network-name> --encrypted <service-name>. Which of the following commands will create a swarm service which only listens on port 53 using the UDP protocol?. docker service create --name dns-cache -p 53:53/udp dns-cache. docker service create --name dns-cache -p 53:53 --service udp dns-cache. docker service create--namedns-cache-p 53:53..constraint networking.protocol.udp=true dns-cache. docker service create --name dns-cache -p 53:53 --udp dns-cache. Which of the following is true about using the '-P' option when creating a new container?. Docker binds each exposed container port to a random port on all the host's interface. Docker gives extended privileges to the container. Docker binds each exposed container port to a random port on a specified host interface. Docker binds each exposed container port with the same port on the host. What behavior is expected when a service is created with the following command: 'docker service create --publish 8000:80 nginx'. All nodes in the cluster will listen on port 8080 and forward to port 80 in the container. Only a single node in the cluster will listen on port 8080 and forward to port 80 in the container. All nodes in the cluster will listen on port 80 and forward to port 8080 in the container. Only a single node in the cluster will listen on port 80 and forward to port 8080 in the container. Which set of commands can identify the published port(s) for a container? (Choose 1.). 'docker port inspect', 'docker container inspect'. 'docker container inspect', dockerport'. 'docker info','docker network inspect'. 'docker network inspect','docker port'. Which of the following is true about overlay networks?. Overlay networks are created only on the manager node that you created the overlay networking on. Overlay networks are created on all cluster nodes when you create the overlay network. Overlay networks are first created on the manager nodes. Then they are created on the worker nodes once a task is scheduled on the specific worker node. Overlay networks are only created on the manager nodes. Which of the following mode scan be used for service discovery of a Dockerswarm service (Pick 2 correct answers). Virtual IP (VIP) with --endpoint-modevip. Overlay with --endpoint-mode overlay. DNS Round-Robin with --endpoint-modednsrr. Ingress with --endpoint-mode ingress. Network Address Translation(NAT) with --endpoint-mode nat. A user is having problems running Docker. Which of the following will start Docker in debug mode?. Set the debug key to true in the 'daemon.json' file. Start the 'dockerd' process manually with the '--logging' flag set to debug. Set the logging key to debug in the 'daemon.json' file. Start the 'dockerd' process manually with the '--raw-logs' flag set to debug. Which command interactively monitors all container activity in the Dockerengine?. docker system logs. docker system events. docker container events. docker container logs. What is used by the kernel to Isolate resources when running Docker containers?. Namespaces. Overlay networks. Volumes. Control groups (also know as cgroups). A host machine has four CPUs available and two running containers. The sysadmin would like to assign two CPUs to each container. Which of the following commands achieves this?. Set the '--cpuset-cpu's flag to '1.3' on one container and '2.4' on the other container. Set the '--cpuset-cpus' flag to '.5' on both containers. Set the '--cpuset-cpus' flag of the 'dockerd' process to the value 'even-spread'. Set the '--cpu-quota' flag to '1.3' on one container and '2,4' on the other container. Which of the following commands is used to display system-wide Docker configuration on a host?. A. docker info. B. docker status. C. docker inspect. D. docker system. If installing Docker using device mapper for storage with the Intent to run production work loads, how should device mapper be configured. A. direct-lvm. B. loop-lvm. C. overlay-lvm. D. aufs-lvm. Which of the following is required to install Docker EE from a package repository?. Repository URL obtained from Docker Store. License key obtained from DockerStore. Repository URL obtained from DockerHub. License key obtained from Docker Hub. How do you configure Docker engine to use a registry that is not configured with TLS certificates from a trusted CA?. Set IGNORE_TLS in the 'daemon.json' configuration file. Set and export the IGNORE_TLS environment variable on the command line. Set INSECURE_REGISTRY in the '/etc/docker/default' configuration file. Pass the '--insecure.-registry' flag to the daemon at run time. The output of which command can be used to find the architecture and operating system an image is compatible with?. docker image inspect --filter {{.Architecture}} {{.OS}} ' <image-id>. docker image ls <image-id>. docker image inspect --format {{.Architecture}} {{.OS}} ' <image-id>. docker image info <image-id>. An application image runs in multiple environments, and each environment uses different certificates and ports, what is the best practice to deploy the containers?. Create a Dockerfile for each environment, specifying ports and ENV variables for certificates. Create a Dockerfile for each environment, specifying ports and Docker secrets for certificates. Create images that contain the specific configuration for every environment. Create a config file for each environment. What is the purpose of multi-stage builds?. A. Better logical separation of Docker file instructions for better readability. B. Optimizing images by copying artifacts selectively from previous stages. C. Better caching when building Docker images. D. Faster image builds by allowing parallel execution of Docker builds. From a DevOps process standpoint, it is best practice to keep changes to an application in version control. Which of the following will allow changes to a docker Image to be stored in a version control system?. docker commit. docker save. A docker-compose.yml file. A dockerfile. When seven managers are in a swarm cluster how would they be distributed across three datacenters or availability zones?. 5-1-1. 3-2-2. 3-3-1. 4-2-1. What is the difference between a resource limit and a resource reservation when scheduling services?. A resource limit and a resource reservation can be used interchangeably. A resource limit is a soft limit for your service, while a reservation is hard limit and the docker engine will do its best to keep your service at the limit. A resource limit is used to find a host with adequate resources for scheduling a hard limit for your service, while a reservation is hard limit for your service. A resource limit is hard limit for your service, while a reservation is used to find a host with adequate resources for scheduling. Correct. You have just executed'docker swarm leave' on anode. What command can be run on the same node to confirm it has left the cluster?. docker node ls. docker system info. docker system status. docker system status. What is the recommended way to configure the daemon flags and environment variables for your Docker daemon in a platform independent way?. Set the configuration options using the ENV variable. Set the configuration options in '/etc/docker/daemon.json'. Set the configuration DOCKER_OPTS in '/etc/default/docker'. Using 'docker config' to set the configuration options. You have deployed a service to swarm. Which command uses the Docker CLI to set the number of tasks of the services to 5? (Choose 2). A. 'docker service update --replicas=5<service-id>'. B. 'docker replica update <service-id>=5'. C. 'docker update service <service-id>=5'. D. 'docker service replicas <service-id>=5'. E. 'docker service scale <service-id> =5''. A service 'wordpress' is running using a password string to connect to a non-Dockerized database service. The password string is passed into the 'wordpress' service as a Docker secret. Per security policy, the password on the database was changed. Identity the correct sequence of steps to rotate the secret from the old password to the new password. A. Create a new docker secret with the new password. Trigger a rolling secret update by using the 'docker secret update' command. B. Trigger an update to the service by using 'docker service update --secret=<new password>'. C. Create a new docker secret with the new password. Remove the existing service using 'docker service rm'. Start anew service with the new secret using "--secret=<new password>". D. Create a new docker secret with a new password. Trigger a rolling update of the "wordpress" service, by using "--secret-rm" &"--secret-add" to remove the old secret and add the updated secret. What service mode is used to deploy a single task of a service to each node?. A. replicated. B. spread. C. universal. D. distributed. E. global. A docker service 'web' is running with a scale factor of 1 (replicas = 1). Bob intends to use the command'dockerservice update--replicas=3 web'. Alice intends to use the command'dockerservice scale web=3'. How do the outcomes of these two commands differ?. A. Bob's command results in an error. Alice's command updates the number of replicas of the 'web' service to 3. B. Bob's command only updates the service definition, but no new replicas are started. Alice's command results in the actual scaling up of the 'web' service. C. Bob's command updates the number of replicas of the 'web' service to 3. Alice's command results in an error. D. Both Bob's and Alice's commands result in exactly the same outcome, which is 3 instances of the 'web' service. The following health check exists in a Dockerfile: 'HEALTCHECKCMDcurl --fail http://localhost/health ||exit 1' Which of the following describes its purpose?. Defines the action taken when container health fails, which in this case will kill the container with exit status 1. Defines the health check endpoint on the localhost interface for external monitoring tools to monitor the health of the docker engine. Defines the health check endpoint on the local host interface for containers to monitor the health of the docker engine. Defines the health check for the containerized application so that the application health can be monitored by the Dockerengine. Which of these swarm manager configurations will cause the cluster to be in a lost quorum state?. 4 managers of which 2 are healthy. 1 manager of which 1 is healthy. 3 managers of which 2 are healthy. 5 managers of which 3 are healthy. Which of the following commands starts a Redis container and configures it to always restart unless it is explicitly stopped or Docker is restarted?. 'docker run -d --restart-policy unless-stopped redis'. 'docker run -d --restart omit-stopped redis'. 'docker run -d --restart unless-stopped redis'. 'docker run -d --failure omit-stopped redis'. After creating a new service named 'http', you notice that the new service is not registering as healthy. How do you view the list of historical tasks for that service by using the command line?. 'docker inspect http'. 'docker service inspect http'. 'docker service ps http'. 'docker ps http'. Which flag for a service would allow a container to consume more than 2 GB of memory only when there is no memory contention but would also prevent a container from consuming more than 4GB of memory, in any case?. --limit-memory 2GB --reserve-memory 4GB. --limit-memory 4GB --reserve-memory 2GB. --memory-swap 2GB --limit-memory 4GB. --memory-swap 4GB --limit-memory 2GB. In Docker Trusted Registry, how would a user prevent an image, for example 'nginx:latest' from being overwritten by another user with push access to the repository?. A. Tag the image with 'nginx:immutable'. B. Remove push access from all other users. C. Use the DTR web UI to make the tag immutable. D. Keep a backup copy of the image on another repository. Which of the following is NOT backed up when performing a Docker Trusted backup operation?. A. Access control to repos and images. B. Repository metadata. C. Image blobs. D. DTR configurations. Which statement is true?. CMD shell format uses this form ["param", param", "param"]. ENTRYPOINT cannot be used in conjunction with CMD. CMD is used to run the software is the image along with any arguments. ENTRYPOINT cannot be overridden in the "docker container run" command. What is one way of directly transferring a Docker Image from one Docker host in another?. A. 'docker push' the image to the IP address of the target host. B. 'docker commit' to save the image outside of the Docker filesystem. Then transfer the file over to the target host and 'docker start' to start the container again. C. There is no way of directly transferring Docker images between hosts. A Docker Registry must be used ad an intermediary. D. 'docker save' the image to save it as TAR file and copy it over to the target host. Then use 'docker load' to un-TAR the image back as a Docker image. Which statement is true about DTR garbage collection?. A. Garbage collection removes unreferenced image layers from DTR's backend storage. B. Garbage collection removes exited containers from cluster nodes. C. Garbage collection removes DTR images that are older than a configurable of days. D. Garbage collection removes unused volumes from cluster nodes. What is the difference between the ADD and COPY dockerfile instructions? (chosen 2). A. ADD supports compression format handling while COPY does not. B. COPY supports regular expression handling while ADD does not. C. COPY supports compression format handling while ADD does not. D. ADD support remote URL handling while COPY does not. E. ADD supports regular expression handling while COPY does not. What is the docker command to find the current logging driver for a running container?. A. docker stats. B. docker info. C. docker config. D. docker inspect. What is the docker command to setup a swarm?. docker swarm init. docker swarm create. docker init swarm. docker create swarm. Is this a supported user authentication method for Universal Control Plane? Solution: PAM. Yes. no. Will this sequence of steps completely delete an image from diskin the Docker Trusted Registry? Solution: Delete the image and delete the image repository from Docker TrustedRegistry. Yes. No. Will this sequence of steps completely delete an image from diskin the Docker Trusted Registry? Solution: Delete the image and run garbage collection on the Docker Trusted Registry. Yes. No. Is this the purpose of Docker Content Trust? Solution: Enable mutual TLS between the Docker client and server. Yes. No. Is this the purpose of Docker Content Trust? Solution: Verify and encrypt Docker registry TLS. Yes. No. Is this a Linux kernel namespace that is disabled by default and must be enabled at Dockerengine runtime to be used? Solution: mnt. Yes. No. Is this a Linux kernel namespace that is disabled by default and must be enabled at Dockerengine runtime to be used? Solution: net. Yes. No. Is this a Linux kernel namespace that is disabled by default and must be enabled at Dockerengine runtime to be used? Solution: user. Yes. No. Is this a way to configure the Docker engine to use a registry without a trusted TLS certificate? Solution: Pass the '--insecure-registry' flag to the daemon at run time. Yes. No. The Kubernetes yaml shown below describes a networkPolicy. Will the networkPolicy BLOCK this traffic? Solution: a request issued from a pod bearing the tier: backend label, to a pod bearing the tier: frontend label. Yes. No. The Kubernetes yaml shown below describes a network Policy. Will the network Policy BLOCK this traffic? Solution: a request issued from a pod bearing the tier: backend label, to a pod bearing the tier: frontend label. Yes. No. The Kubernetes yaml shown below describes a networkPolicy. Will the networkPolicy BLOCK this traffic? Solution: are quest issued from a pod lacking the tier: api label, to a pod bearing the tier: backend label. Yes. No. Are these conditions sufficient for Kubernetes to dynamically provision a persistent Volume, assuming there are no limitations on the amount and type of available external storage? Solution: A default provisioner is specified, and subsequently a persistent VolumeClaim is created. Yes. No. Are these conditions sufficient for Kubernetes to dynamically provision a persistent Volume, assuming there are no limitations on the amount and type of available external storage? Solution: A default storageClass is specified, and subsequently a persistent VolumeClaim is created. Yes. No. Will this configuration achieve fault tolerance for managers in as warm? Solution: an odd number of manager nodes, totaling more than two. Yes. No. Will this configuration achieve fault tolerance for managers in as warm? Solution: only two managers, one active and one passive. Yes. No. A company's security policy specifies that development and production containers must run on separate nodes in a given Swarm cluster. Can this be used to schedule containers to meet the security policy requirements? Solution: resource reservation. Yes. No. A company's security policy specifies that development and production containers must run on separate nodes in a given Swarm cluster. Can this be used to schedule containers to meet the security policy requirements? Solution: node taints. Yes. No. A company's security policy specifies that development and production containers must run on separate nodes in a given Swarm cluster. Can this be used to schedule containers to meet the security policy requirements? Solution: label contraints. Yes. No. One of several containers in a pod is marked as unhealthy after failing its livenessProbe many times. Is this the action taken by the orchestrator to fix the unhealthy container? Solution: Kubernetes automatically triggers a user-defined script to attempt to fix the unhealthy container. Yes. No. One of several containers in a pod is marked as unhealthy after failing its livenessProbe many times. Is this the action taken by the orchestrator to fix the unhealthy container? Solution: The unhealthy container is restarted. Yes. No. One of several containers in a pod is marked as unhealthy after failing its livenessProbe many times. Is this the action taken by the orchestrator to fix the unhealthy container? Solution: The controller managing the pod is auto scaled back to delete the unhealthy pod and alleviate load. Yes. No. You configure a local Docker engine to enforce content trust by setting the environment variable DOCKER_CONTENT_TRUST=1. Ifmyorg/myimage: 1.0 is unsigned, does Docker block this command? Solution: docker image import <tarball> myorg/myimage:1.0. Yes. No. You configure a local Dockerengine to enforce content trust by setting the environment variable DOCKER_CONTENT_TRUST=1. Ifmyorg/myimage: 1.0 is unsigned, does Dockerblock this command? Solution: docker service create myorg/myimage:1.0. Yes. No. Can this set of commands identify the published port(s) fora container? Solution: docker container inspect', 'docker port'. Yes. No. You add a new user to the engineering organization in DTR. Will this action grant them read/write access to the engineering/api repository? Solution: Add the user directly to the list of users with read/write access under the repository's Permissions tab. Yes. No. You add a new user to the engineering organization in DTR. Will this action grant them read/write access to the engineering/api repository? Solution: Add them to a team in the engineering organization that has read/write access to the engineering/api repository. Yes. No. Two development teams in your organization use Kubernetes and want to deploy their applications while ensuring that Kubernetes-specific resources, such as secrets, are grouped together for each application. Is this a way to accomplish this? Solution: Create one pod and add all the resources needed for each application. Yes. No. Two development teams in your organization use Kubernetes and want to deploy their applications while ensuring that Kubernetes-specific resources, such as secrets, are grouped together for each application. Is this a way to accomplish this? Solution: Add all the resources to the default namespace. Yes. No. Two development teams in your organization use Kubernetes and want to deploy their applications while ensuring that Kubernetes-specific resources, such as secrets, are grouped together for each application. Is this a way to accomplish this? Solution: Create one namespace for each application and add all the resources to it. Yes. No. Seven managers are in a swarm cluster. Is this how should they be distributed across three datacenters or availability zones? Solution: 3-3-1. Yes. No. Seven managers are in a swarm cluster. Is this how should they be distributed across three datacenters or availability zones? Solution: 5-1-1. Yes. No. Seven managers are in a swarm cluster. Is this how should they be distributed across three datacenters or availability zones? Solution: 3-2-2. Yes. No. Does this command create aswarm service that only listens on port 53 using the UDP protocol? Solution: 'docker service create --name dns-cache -p 53:53/udp dns-cache'. Yes. No. Does this command create aswarm service that only listens on port 53 using the UDP protocol? Solution: ‘docker service create-name dns-cache -p 53:53 -service udp dns-cache'. Yes. No. You want to provide a configuration file to a container at runtime. Does this set of Kubernetes tools and steps accomplish this? Solution: Turn the configuration file into a configMap object and mount it directly into the appropriate pod and container using the .spec.containers.configMounts key. Yes. No. You want to provide a configuration file to a container at runtime. Does this set of Kubernetes tools and steps accomplish this? Solution: Mount the configuration file directly into the appropriate pod and container using the .spec.containers.configMounts key. Yes. No. You want to provide a configuration file to a container at runtime. Does this set of Kubernetes tools and steps accomplish this? Solution: Turn the configuration file into a configMap object, use it to populate a volume associated with the pod, and mount that file from the volume to the appropriate container and path. Yes. No. In Docker Trusted Registry, is this how a user can prevent animage, such as 'nginx:latest’, from being overwritten by another user with push access to the repository? Solution: Use the DTR web Ul to make all tags in the repository immutable. Yes. No. Will this command mount the host's '/data' directory to the ubuntu container in read-only mode? Solution: 'docker run --add-volume /data /mydata -read-only ubuntu'. Yes. No. Will this command mount the host's '/data' directory to the ubuntu container in read-only mode? Solution: 'docker run -v /data:/mydata --mode read only ubuntu'. Yes. No. Will this command mount the host's '/data' directory to the ubuntu container in read-only mode? Solution: 'docker run --volume /data:/mydata:ro ubuntu'. Yes. No. The following Docker Compose file is deployed as a stack: Is this statement correct about this health check definition? Solution: Health checks test for app health ten seconds apart. Three failed health checks transition the container into “unhealthy” status. Yes. No. The following Docker Compose file is deployed as a stack: Is this statement correct about this health check definition? Solution: Health checks test for app health ten seconds apart. If the test fails, the container will be restarted three times before it gets rescheduled. Yes. No. Will a DTR security scan detect this? Solution: licenses for known third party binary components. Yes. No. Does this command display all the podsin the cluster that are labeled as 'env: development'? Solution: 'kubectl get pods -I env=development'. Yes. No. Does this command display all the podsin the cluster that are labeled as 'env: development'? Solution: 'kubectl get pods --all-namespaces -label env=development'. Yes. No. Does this command display all the podsin the cluster that are labeled as 'env: development'? Solution: 'kubectl get pods --all-namespaces -I env=development'. Yes. No. Will this command display a list of volumes for a specific container? Solution: 'docker container inspect nginx'. Yes. No. Will this command display a list of volumes for a specific container? Solution: docker volume logs nginx --containers'. Yes. No. Will this command display a list of volumes for a specific container? Solution: docker volume inspect nginx'. Yes. No. Will this command display a list of volumes for a specific container? Solution: docker container logs nginx --volumes'. Yes. No. Does this describe the role of Control Groups(cgroups) when used with a Docker container? Solution: user authorization to the Docker API. Yes. No. Does this describe the role of Control Groups(cgroups) when used with a Docker container? Solution: role-based access control to clustered resources. Yes. No. Does this describe the role of Control Groups(cgroups) when used with a Docker container? Solution: accounting and limiting of resources. Yes. No. Will this command ensure that overlay traffic between service tasks is encrypted? Solution: docker network create -d overlay -oencrypted=true <network-name>. Yes. No. Will this commandensure thatoverlay traffic between service tasks is encrypted? Solution: docker network create -d overlay --secure. Yes. No. Will this command ensure that overlay traffic between service tasks is encrypted? Solution: docker service create --network --secure. Yes. No. Will this command ensure that overlay traffic between service tasks is encrypted? Solution: docker service create --network --encrypted. Yes. No. You want to create a container that is reachable from its host's network. Does this action accomplish this? Solution: Use --link to access the container on the bridge network. Yes. No. You want to create a container that is reachable from its host's network. Does this action accomplish this? Solution: Use either EXPOSE or --publish to access the containers on the bridge network. Yes. No. You want to create a container that is reachable from its host's network. Does this action accomplish this? Solution: Use network attach to access the containers on the bridge network. Yes. No. You are troubleshooting a Kubernetes deployment called api, and want to see the events table for this object. Does this command display it? Solution: kubectl logs deployment api. Yes. No. You are troubleshooting a Kubernetes deployment called api, and want to see the events table for this object. Does this command display it? Solution: kubectl events deployment api. Yes. No. You are troubleshooting a Kubernetes deployment called api, and want to see the events table for this object. Does this command display it? Solution: kubectl describe deployment api. Yes. No. Will this Linux kernel facility limit a Docker container's access to host resources, such as CPU or memory? Solution: seccomp. Yes. No. Will this Linux kernel facility limit a Docker container's access to host resources, such as CPU or memory? Solution: namespaces. Yes. No. Will this Linux kernel facility limit a Docker container's access to host resources, such as CPU or memory? Solution: cgroups. Yes. No. An application image runs in multiple environments, with each environment using different certificates and ports. Is this a way to provision configuration to containers at runtime? Solution: Provision a Dockerconfig object for each environment. Yes. No. During development of an application meant to be orchestrated by Kubernetes, you want to mount the /data directory on your laptop into a container. Will this strategy successfully accomplish this? Solution: Add a volume to the pod that sets hostPath.path: /data, and then mount this volume into the pod's containers as desired. Yes. No. During development of an application meant to be orchestrated by Kubernetes, you want to mount the /data directory on your laptop into a container. Will this strategy successfully accomplish this? Solution: Create a PersistentVolume with storageciass: "" and hostPath: /data, and a persistentVolumeClaim requesting this PV. Then use that PVC to populate a volume in a pod. Yes. No. Is this an advantage of multi-stage builds? Solution: better caching when building Docker images. Yes. No. Is this an advantage of multi-stage builds? Solution: optimizes Images by copying artifacts selectively from previous stages. Yes. No. Will this command list all nodesin aswarm cluster from the commandline? Solution: 'docker swarm nodes'. Yes. No. Will this command list all nodesin aswarm cluster from the commandline? Solution: 'docker node Is'. Yes. No. Will this command list all nodesin aswarm cluster from the commandline? Solution: ‘docker Is -a’. Yes. No. Is this a typeof Linux kernel namespace thatprovides container isolation? Solution: Storage. Yes. No. Is this a type of Linux kernel namespace that provides container isolation? Solution: Network. Yes. No. Is this a type of Linux kernel namespace that provides container isolation? Solution: Authentication. Yes. No. Is this statement correct? Solution: A Dockerfile provides instructions for building a Docker image. Yes. No. A users attempts to set the system time from inside a Docker container are unsuccessful. Could this be blocking this operation? Solution: inter-process communication. Yes. No. A users attempts to set the system time from inside a Docker container are unsuccessful. Could this be blocking this operation? Solution: Linux capabilities. Yes. No. Your organization has a centralized logging solution, such as Splunk. Will this configure a Docker container toexportcontainer logs tothelogging solution? Solution: docker system events --filter splunk. Yes. No. Your organization has a centralized logging solution, such as Splunk. Will this configure a Docker container to export container logs to the logging solution? Solution: docker logs <container-id>. Yes. No. Your organization has a centralized logging solution, such as Splunk. Will this configure a Docker container to export container logs to the logging solution? Solution: Set the log-driver and log-oPt keys to values for the logging solution (Splunk) In the daemon.json file. Yes. No. A persistentVolumeClaim (PVC) is created with the specification storageClass:"", and size requirements that cannot be satisfied by any existing persistentVolume. Is this an action Kubernetes takes in this situation? Solution: The PVC remains unbound until a persistentVolume that matches all requirements of the PVC becomes available. Yes. No. You created a new service named 'http' and discover it is not registering as healthy. Will this command enable you to view the list of historical tasks for this service? Solution: 'docker service inspect http'. Yes. No. You created a new service named 'http' and discover it is not registering as healthy. Will this command enable you to view the list of historical tasks for this service? Solution: 'docker inspect http'. Yes. No. You created a new service named 'http' and discover it is not registering as healthy. Will this command enable you to view the list of historical tasks for this service? Solution: 'docker service ps http'. Yes. No. Will this action upgrade Docker Engine CE to Docker Engine EE? Solution: Delete '/var/lib/docker' directory. Yes. No. Will this action upgrade Docker Engine CE to Docker Engine EE? Solution: Uninstall 'docker-ce' package before installing 'docker-ee' package. Yes. No. Will this action upgrade Docker Engine CE to Docker Engine EE? Solution: Manually download the 'docker-ee' package The Kubernetes yaml shown below describes a clusterIP service. Is this a correct statement about how this service routes requests? Solution: Traffic sent to the IP of this service on port 8080will be routed to port 80 in a random pod with the label a PP: nginx. Yes. No. The Kubernetes yaml shown below describes a clusterIP service. Is this a correct statement about how this service routes requests? Solution: Traffic sent to the IP of any pod with the label app: nginx on port 8080 will be forwarded to port 80 in that pod. Yes. No. In the context of a swarm mode cluster, does this describe a node? Solution: a physical machine participating inthe swarm. Yes. No. In the context of a swarm mode cluster, does this describe a node? Solution: a virtual machine participating in the swarm. Yes. No. In the context of a swarm modecluster, does this describe a node? Solution: an instance of the Docker engine participating in the swarm. Yes. No. Is this a function of UCP? Solution: scans images to detect any security vulnerability. Yes. No. Is this a function of UCP? Solution: image role-based access control. Yes. No. Is this a function of UCP? Solution: enforces the deployment of signed images to the cluster. Yes. No. You want to mount external storage to a particular filesystem path in a container in a Kubernetes pod. What is the correct set of objects to use for this?. a volume in the pod specification, populated with a perslstentVolumeClaim bound to a perslstentVolume defined by a storageClass. a storageClass in the pod's specification, populated with a volume which Is bound to a provisioner defined by a persistentVolume. a volume in the pod specification, populated with a storageClass which is bound to a provisioner defined by a perslstentVolume. a perslstentVolume in the pod specification, populated with a persistentVolumeClaim which is bound to a volume defined by a storageClass. How do you change the default logging driver for the docker daemon in Linux?. Set the value of log-driver to the name of the logging driver In the daemon.json In /etc/doc. Use the -log-driver' flag when you run a container. At the command line, type: docker log driver set <driver name>. Install a logging agent on the Linux host. When an application being managed by UCP fails, you would like a summary of all requests made to the UCP API in the hours leading up to the failure. What must be configured correctly beforehand for this to be possible?. UCP audit logs must be set to the metadata' or request' level. UCP logging levels must be set to the info' or debug' level. All engines in the cluster must have their log driver set to the metadata' or request' level. Set the logging level in the config object for the ucp-kube-api-server container to warning or higher. You are running only Kubernetes workloads on a worker node that requires maintenance, such as installing patches or an OS upgrade Which command must be run on the node to gracefully terminate all pods on the node, while marking the node as unschedulable?. 'docker node update --availability drain <node name>'. 'docker swarm leave'. 'kubectl drain <node name>'. 'kubectl cordon <node name>'. A Kubernetes node is allocated a /26 CIDR block (64 unique IPs) for its address space. If every pod on this node has exactly two containers in it, how many pods can this address space support on this node?. 32. 32 In every Kubernetesnamespace. 64 for every service routing to pods on this node. 64. Some Docker images take time to build through a Continuous Integration environment. You want to speed up builds and take advantage of build caching. Where should the most frequently changed part of a Docker image be placed in a Dockerfile?. at the bottom of the Dockerfile. after the FROM directive. at the top of the Dockerfile. in the ENTRYPOINTdirective. You set up an automatic pruning policy on a DTR repository to prune all images using Apache licenses. What effect does this have on images in this repository?. Matching images are untagged once they are older than the pruning threshold set in the repository's Settings tab. Matching Images are untagged during the next prune job. Matching images are deleted during the next prune Job. Matching images are untagged during the nextprune job, and subsequently deleted once they are older than the pruning threshold set in the repository's Settings tab. You are pulling images from a Docker Trusted Registry installation configured to use self- signed certificates, and this error appears: 'x509: certificate signed by unknown authority'. You already downloaded the Docker Trusted Registry certificate authority certificate from https://dtr.example.com/ca. How do you trust it? (Select two.). Place the certificate in '/etc/docker/dtr/dtr.example.com.crt' and restart the Docker daemon on all cluster nodes. Place the certificate in your OS certificate path, trust the certificate system-wide, and restart the Docker daemon across all cluster nodes. Pass '-trust-certificate ca.crt' to the Docker client. Pass --insecure-registry to the Docker client. Place the certificate in '/etc/docker/certs.d/dtr.example com/ca.crt' on all cluster nodes. Which networking drivers allow you to enable multi-host network connectivity between containers?. macvlan, ipvlan, and overlay. bridge, user-defined, host. bridge, macvlan, ipvlan, overlay. host, macvlan, overlay, user-defined. Which 'docker run' flag lifts cgroup limitations?. 'docker run --isolation'. 'docker run --cap-drop'. 'docker run --privileged'. 'docker run --cpu-period'. Two pods bear the same label, app: dev. Will a label selector matching app: dev match both of these pods?. Yes, as long as all the containers in those pods are passing their livenessProbes and readinessProbes. Yes, if both pods were pre-existing when the label selector was declared. Yes, if the pods are in the same Kubernetes namespace as the object bearing the label selector. Yes, if the pods are in the same Kubernetes namespace as the object bearing the label selector and both pods were preexisting when the label selector was declared. Which statement is correct about cluster management in Docker Enterprise Edition 3.x?. Clusters can contain Windows 10 and Windows Server 2016 only. Clusters can contain Linux, Windows Server 2016 and 2019, and Linux on IBM z Systems. Clusters can contain Linux only. Clusters can contain Linux and Windows Server 2008 R2 only. |