Docker DCA Dumps Questions (V10.02) – Pass Your Docker Certified Associate (DCA) Exam to Accelerate Your Career

1. Is this a supported user authentication method for Universal Control Plane?

Solution: PAM

2. Will this sequence of steps completely delete an image from disk in the Docker Trusted Registry? Solution: Delete the image and delete the image repository from Docker Trusted Registry

3. Will this sequence of steps completely delete an image from disk in the Docker Trusted Registry? Solution: Delete the image and run garbage collection on the Docker Trusted Registry.

4. Is this the purpose of Docker Content Trust?

Solution: Enable mutual TLS between the Docker client and server.

5. Is this the purpose of Docker Content Trust?

Solution: Verify and encrypt Docker registry TLS.

6. Is this a Linux kernel namespace that is disabled by default and must be enabled at Docker engine runtime to be used?

Solution: mnt

7. Is this a Linux kernel namespace that is disabled by default and must be enabled at Docker engine runtime to be used?

Solution: net

8. Is this a Linux kernel namespace that is disabled by default and must be enabled at Docker engine runtime to be used?

Solution: user

9. Is this a way to configure the Docker engine to use a registry without a trusted TLS certificate?

Solution: Pass the '--insecure-registry' flag to the daemon at run time.

10. The Kubernetes yaml shown below describes a networkPolicy.

Will the networkPolicy BLOCK this traffic?

Solution: a request issued from a pod bearing the tier: backend label, to a pod bearing the tier:

frontend label

11. The Kubernetes yaml shown below describes a networkPolicy.

Will the networkPolicy BLOCK this traffic?

Solution: a request issued from a pod lacking the tier: api label, to a pod bearing the tier: backend label

12. Are these conditions sufficient for Kubernetes to dynamically provision a persistentVolume, assuming there are no limitations on the amount and type of available external storage?

Solution: A default provisioner is specified, and subsequently a persistentVolumeClaim is created.

13. Are these conditions sufficient for Kubernetes to dynamically provision a persistentVolume, assuming there are no limitations on the amount and type of available external storage?

Solution: A default storageClass is specified, and subsequently a persistentVolumeClaim is created.

14. Will this configuration achieve fault tolerance for managers in a swarm?

Solution: an odd number of manager nodes, totaling more than two

15. Will this configuration achieve fault tolerance for managers in a swarm?

Solution: only two managers, one active and one passive.

16. A company's security policy specifies that development and production containers must run on separate nodes in a given Swarm cluster.

Can this be used to schedule containers to meet the security policy requirements?

Solution: resource reservation

17. A company's security policy specifies that development and production containers must run on separate nodes in a given Swarm cluster.

Can this be used to schedule containers to meet the security policy requirements?

Solution: node taints

18. A company's security policy specifies that development and production containers must run on separate nodes in a given Swarm cluster.

Can this be used to schedule containers to meet the security policy requirements?

Solution: label contraints

19. One of several containers in a pod is marked as unhealthy after failing its livenessProbe many times. Is this the action taken by the orchestrator to fix the unhealthy container?

Solution: Kubernetes automatically triggers a user-defined script to attempt to fix the unhealthy container.

20. One of several containers in a pod is marked as unhealthy after failing its livenessProbe many times. Is this the action taken by the orchestrator to fix the unhealthy container?

Solution: The unhealthy container is restarted.

21. One of several containers in a pod is marked as unhealthy after failing its livenessProbe many times. Is this the action taken by the orchestrator to fix the unhealthy container?

Solution: The controller managing the pod is autoscaled back to delete the unhealthy pod and alleviate load.

22. You configure a local Docker engine to enforce content trust by setting the environment variable DOCKER_CONTENT_TRUST=1.

If myorg/myimage: 1.0 is unsigned, does Docker block this command?

Solution: docker image import <tarball> myorg/myimage:1.0

23. You configure a local Docker engine to enforce content trust by setting the environment variable DOCKER_CONTENT_TRUST=1.

If myorg/myimage: 1.0 is unsigned, does Docker block this command?

Solution: docker service create myorg/myimage:1.0

24. Can this set of commands identify the published port(s) for a container?

Solution: docker container inspect', 'docker port'

25. You add a new user to the engineering organization in DTR.

Will this action grant them read/write access to the engineering/api repository?

Solution: Add the user directly to the list of users with read/write access under the repository's Permissions tab.

26. You add a new user to the engineering organization in DTR.

Will this action grant them read/write access to the engineering/api repository?

Solution: Add them to a team in the engineering organization that has read/write access to the engineering/api repository.

27. Two development teams in your organization use Kubernetes and want to deploy their applications while ensuring that Kubernetes-specific resources, such as secrets, are grouped together for each application.

Is this a way to accomplish this?

Solution: Create one pod and add all the resources needed for each application

28. Two development teams in your organization use Kubernetes and want to deploy their applications while ensuring that Kubernetes-specific resources, such as secrets, are grouped together for each application.

Is this a way to accomplish this?

Solution: Add all the resources to the default namespace.

29. Two development teams in your organization use Kubernetes and want to deploy their applications while ensuring that Kubernetes-specific resources, such as secrets, are grouped together for each application.

Is this a way to accomplish this?

Solution: Create one namespace for each application and add all the resources to it.

30. Seven managers are in a swarm cluster.

Is this how should they be distributed across three datacenters or availability zones?

Solution: 3-3-1

31. Seven managers are in a swarm cluster.

Is this how should they be distributed across three datacenters or availability zones?

Solution: 5-1-1

32. Seven managers are in a swarm cluster.

Is this how should they be distributed across three datacenters or availability zones?

Solution: 3-2-2

33. Does this command create a swarm service that only listens on port 53 using the UDP protocol?

Solution: 'docker service create --name dns-cache -p 53:53/udp dns-cache'

34. Does this command create a swarm service that only listens on port 53 using the UDP protocol?

Solution: ‘docker service create -name dns-cache -p 53:53 -service udp dns-cache'

35. You want to provide a configuration file to a container at runtime. Does this set of Kubernetes tools and steps accomplish this?

Solution: Turn the configuration file into a configMap object and mount it directly into the appropriate pod and container using the .spec.containers.configMounts key.

36. You want to provide a configuration file to a container at runtime. Does this set of Kubernetes tools and steps accomplish this?

Solution: Mount the configuration file directly into the appropriate pod and container using the .spec.containers.configMounts key.

37. You want to provide a configuration file to a container at runtime.

Does this set of Kubernetes tools and steps accomplish this?

Solution: Turn the configuration file into a configMap object, use it to populate a volume associated with the pod, and mount that file from the volume to the appropriate container and path.

38. In Docker Trusted Registry, is this how a user can prevent an image, such as 'nginx:latest’, from being overwritten by another user with push access to the repository?

Solution: Use the DTR web Ul to make all tags in the repository immutable.

39. Will this command mount the host's '/data' directory to the ubuntu container in read-only mode?

Solution: 'docker run --add-volume /data /mydata -read-only ubuntu'

40. Will this command mount the host's '/data' directory to the ubuntu container in read-only mode?

Solution: 'docker run -v /data:/mydata --mode readonly ubuntu'

41. Will this command mount the host's '/data' directory to the ubuntu container in read-only mode?

Solution: 'docker run --volume /data:/mydata:ro ubuntu'

42. The following Docker Compose file is deployed as a stack:

Is this statement correct about this health check definition?

Solution: Health checks test for app health ten seconds apart. Three failed health checks transition the container into “unhealthy” status.

43. The following Docker Compose file is deployed as a stack:

Is this statement correct about this health check definition?

Solution: Health checks test for app health ten seconds apart. If the test fails, the container will be restarted three times before it gets rescheduled.

44. Will a DTR security scan detect this?

Solution: licenses for known third party binary components

45. Does this command display all the pods in the cluster that are labeled as 'env: development'?

Solution: 'kubectl get pods -I env=development'

46. Does this command display all the pods in the cluster that are labeled as 'env: development'?

Solution: 'kubectl get pods --all-namespaces -label env=development'

47. Does this command display all the pods in the cluster that are labeled as 'env: development'?

Solution: 'kubectl get pods --all-namespaces -I env=development'

48. Will this command display a list of volumes for a specific container?

Solution: 'docker container inspect nginx'

49. Will this command display a list of volumes for a specific container?

Solution: docker volume logs nginx --containers'

50. Will this command display a list of volumes for a specific container?

Solution: docker volume inspect nginx'

51. Does this describe the role of Control Groups (cgroups) when used with a Docker container?

Solution: user authorization to the Docker API

52. Does this describe the role of Control Groups (cgroups) when used with a Docker container?

Solution: role-based access control to clustered resources

53. Does this describe the role of Control Groups (cgroups) when used with a Docker container?

Solution: accounting and limiting of resources

54. Will this command ensure that overlay traffic between service tasks is encrypted?

Solution: docker network create -d overlay -o encrypted=true <network-name>

55. Will this command ensure that overlay traffic between service tasks is encrypted?

Solution: docker network create -d overlay --secure

56. Will this command ensure that overlay traffic between service tasks is encrypted?

Solution: docker service create --network --secure

57. Will this command ensure that overlay traffic between service tasks is encrypted?

Solution: docker service create --network --encrypted

58. You want to create a container that is reachable from its host's network. Does this action accomplish this?

Solution: Use --link to access the container on the bridge network.

59. You want to create a container that is reachable from its host's network. Does this action accomplish this?

Solution: Use either EXPOSE or --publish to access the containers on the bridge network

60. You want to create a container that is reachable from its host's network. Does this action accomplish this?

Solution: Use network attach to access the containers on the bridge network

61. You are troubleshooting a Kubernetes deployment called api, and want to see the events table for this object. Does this command display it?

Solution: kubectl logs deployment api

62. You are troubleshooting a Kubernetes deployment called api, and want to see the events table for this object. Does this command display it?

Solution: kubectl events deployment api

63. You are troubleshooting a Kubernetes deployment called api, and want to see the events table for this object. Does this command display it?

Solution: kubectl describe deployment api

64. Will this Linux kernel facility limit a Docker container's access to host resources, such as CPU or

memory?

Solution: seccomp

65. Will this Linux kernel facility limit a Docker container's access to host resources, such as CPU or memory?

Solution: namespaces

66. Will this Linux kernel facility limit a Docker container's access to host resources, such as CPU or memory?

Solution: cgroups

67. An application image runs in multiple environments, with each environment using different certificates and ports.

Is this a way to provision configuration to containers at runtime?

Solution: Provision a Docker config object for each environment.

68. During development of an application meant to be orchestrated by Kubernetes, you want to mount the /data directory on your laptop into a container.

Will this strategy successfully accomplish this?

Solution: Add a volume to the pod that sets hostPath.path: /data, and then mount this volume into the pod's containers as desired.

69. During development of an application meant to be orchestrated by Kubernetes, you want to mount the /data directory on your laptop into a container.

Will this strategy successfully accomplish this?

Solution: Create a PersistentVolume with storageciass: "" and hostPath: /data, and a persistentVolumeClaim requesting this PV. Then use that PVC to populate a volume in a pod

70. Is this an advantage of multi-stage builds?

Solution: optimizes Images by copying artifacts selectively from previous stages