Docker Certified Associate 2020 - Practice Exams - NEW Set 10

What Dockerfile instructions create new layers on the top of a image?


Options are :

  • RUN (Correct)
  • COPY (Correct)
  • ADD (Correct)
  • CMD

Answer :RUN COPY ADD

How can you list exited containers ? ( Select all that apply )


Options are :

  • docker container list exited
  • docker ps -f 'Exited'
  • docker container ls -f 'status=exited' (Correct)
  • docker ps -a - grep Exited (Correct)

Answer :docker container ls -f 'status=exited' docker ps -a - grep Exited

Docker Certified Associate (DCA) Practice Exams Set 4

Which type of service runs one task on every node?


Options are :

  • universal
  • replicated
  • agent
  • global (Correct)

Answer :global

What is the purpose of the Dockerfile option 'LABEL' ?


Options are :

  • Set Docker healthchecks to test a container .
  • Define an ID to a container that will run as an executable
  • Adds metadata to an image (Correct)
  • Provide default variables for an executing container

Answer :Adds metadata to an image

What are valid forms to tag an image ?


Options are :

  • Tag an image referenced by User ID
  • Tag an image referenced by Name and Tag (Correct)
  • Tag an image referenced by Name (Correct)
  • Tag an image for a private repository (Correct)
  • Tag an image referenced by ID (Correct)

Answer :Tag an image referenced by Name and Tag Tag an image referenced by Name Tag an image for a private repository Tag an image referenced by ID

Docker Certified Associate (DCA) Practice Test Set 3

What command is used to download a particular image, or set of images ?


Options are :

  • docker image download
  • docker image save
  • docker pull (Correct)
  • docker download

Answer :docker pull

Which of the following is incorrect about overlay networks ?


Options are :

  • Overlay networks are only created on the manager nodes. (Correct)
  • Docker overlay networking uses VXLAN tunnels to create virtual Layer 2 overlay networks.
  • Docker transparently handles routing of each packet to and from the correct Docker daemon host and the correct destination container.
  • It allows to create a flat, secure, layer-2 network, spanning multiple hosts. Containers connect to this and can communicate directly.

Answer :Overlay networks are only created on the manager nodes.

In Production environments, how devicemapper has to be configured to ensure use of system resources more efficiently ?


Options are :

  • direct-lvm (Correct)
  • loop-lvm
  • ext-lvm
  • block-lvm

Answer :direct-lvm

Docker Certified Associate (DCA) Practice Exams Set 16

When you deploy UCP, it starts running a globally scheduled service called ucp-agent, this service monitors the node where itís running and starts and stops UCP services, based on whether the node is a manager or a worker node.

If the node is a manager node, how does ucp-agent will work on this node ?


Options are :

  • The ucp-agent service starts serving a proxy service that ensures only authorized users and other UCP services can run Docker commands in that node. The ucp-agent deploys a subset of containers on these nodes.
  • The ucp-agent service automatically starts serving all UCP components, including the UCP web UI and data stores used by UCP. The ucp-agent accomplishes this by deploying several containers on the node. (Correct)

Answer :The ucp-agent service automatically starts serving all UCP components, including the UCP web UI and data stores used by UCP. The ucp-agent accomplishes this by deploying several containers on the node.

Which Docker solution below provide an option to integrate with LDAP ?


Options are :

  • Docker Trusted Registry
  • Docker Cloud
  • Universal Control Plane (Correct)
  • Docker Hub

Answer :Universal Control Plane

How to configure the Docker daemon to default to a specific logging driver ?


Options are :

  • Use the flag --log-driver when you start the Daemon Docker.
  • Use the flag --log-opt when you start a container.
  • Use the flag --log-driver when you start a container.
  • Set the value of log-driver to the name of the logging driver in the daemon.json file. (Correct)

Answer :Set the value of log-driver to the name of the logging driver in the daemon.json file.

Docker Certified Associate (DCA) Practice Exams Set 10

You can monitor the status of UCP by using the web UI or the CLI. You can also use the _ping endpoint to build monitoring automation. True or False ?


Options are :

  • True (Correct)
  • False

Answer :True

Pod Security Policies (PSPs) are cluster-level resources that are enabled by default in UCP 3.2.UCP uses its own role-based access control (RBAC) for Kubernetes clusters. Which of the following role-grants does Kubernetes provide?


Options are :

  • NodeRoleBinding
  • PodRoleBinding
  • UserRoleBinding
  • ClusterRoleBinding (Correct)
  • RoleBinding (Correct)

Answer :ClusterRoleBinding RoleBinding

By default, when you push an image to DTR, the Docker CLI client doesnít sign the image.You can configure the Docker CLI client to sign the images you push to DTR. That way, what are the steps needed to sign an image ?


Options are :

  • Initialize trust metadata for the repository (Correct)
  • Configure your Notary client (Correct)
  • Push private keys to DTR server
  • Delegate signing to the keys in your UCP client bundle (Correct)

Answer :Initialize trust metadata for the repository Configure your Notary client Delegate signing to the keys in your UCP client bundle

Docker Certified Associate (DCA) Practice Tests Set 11

Which of the following commands , it will show pods where environment variables is production ?


Options are :

  • kubectl get pods --filter env=production
  • kubectl get pods -f env=production
  • kubectl get pods -l env=production (Correct)
  • kubectl get pods --format env=production

Answer :kubectl get pods -l env=production

Which of the following statements is correct?


Options are :

  • Top writable layer is the major difference between a container and an image. All writes to the container that add new or modify existing data are stored in this writable layer. (Correct)
  • When a container is deleted, the writable layer is persisted
  • The column 'virtual size' of docker ps -s output shows the amount of data used for the read-only image data used by the container plus the container's writable layer 'size'. (Correct)
  • The column 'size' of docker ps -s output shows the amount of data that is used for the writable layer of each container. (Correct)

Answer :Top writable layer is the major difference between a container and an image. All writes to the container that add new or modify existing data are stored in this writable layer. The column 'virtual size' of docker ps -s output shows the amount of data used for the read-only image data used by the container plus the container's writable layer 'size'. The column 'size' of docker ps -s output shows the amount of data that is used for the writable layer of each container.

In a DevOps environment, 10 nodes are working as part of the swarm cluster. According to business rules, there is a requirement to only allow containers based on Kubernetes orchestrator .Which of the following commands below it will enable Docker achieving this rule?


Options are :

  • docker node update --label-add com.ucp.orchestrator.kubernetes=true
  • docker node update --label-add com.docker.ucp.orchestrator.kubernetes=true (Correct)
  • docker node --label--add com.docker.ucp.orchestrator.kubernetes=true
  • docker node add --label-add com.orchestrator.kubernetes=true

Answer :docker node update --label-add com.docker.ucp.orchestrator.kubernetes=true

Docker Certified Associate (DCA) Practice Exams Set 15

What commands show published port or a specific mapping for the container ?


Options are :

  • docker info
  • docker container inspect (Correct)
  • docker port (Correct)
  • docker network inspect

Answer :docker container inspect docker port

Which technology is used to limit an application to a specific set of resources ?


Options are :

  • Resource quota
  • Docker Engine
  • Namespaces
  • Control groups (Correct)

Answer :Control groups

Which technology allows Docker Engine to limit the amount of hardware resource consumed by a container, such as, limit amount of available memory for a container ?


Options are :

  • Namespaces
  • Hypervisor
  • Resources Groups
  • Control Groups (Correct)

Answer :Control Groups

Docker Certified Associate (DCA) Practice Exams Set 19

What is the purpose of Docker Content Trust?


Options are :

  • Enabling mutual TLS between the Docker client and server
  • Signing and verification of image tags (Correct)
  • Indicating an image on Docker Hub is an official image
  • Docker registry TLS verification and encryption

Answer :Signing and verification of image tags

Docker Certified Associate (DCA) Practice Exams Set 5

By default, how many layers of docker image does docker daemon pull from the docker registry at a time?


Options are :

  • 2
  • 4
  • 1
  • 3 (Correct)

Answer :3

A ____ is a running container which is part of a swarm service and managed by a swarm manager, as opposed to a standalone container.


Options are :

  • instance
  • image
  • task (Correct)
  • node

Answer :task

Following the principle of least privilege, which of the following methods can be used to securely grant access to the specific user to communicate to a Docker engine? (Choose all that apply)


Options are :

  • Utilize openssl to create TLS client and server certificates, configuring the Docker engine to use with mutual TLS over TCP. (Correct)
  • Give the user root access to the server to allow them to run Docker commands as root.
  • Add the user to the 'docker' group on the server or specify the group? with the '--group' Docker daemon option. (Correct)
  • Utilize the '--host 127.0.0.1:2375' option to the Docker daemon to listen on port 2375 over TCP on localhost
  • Utilize the '--host 0.0.0.0:2375' option to the Docker daemon to listen on port 2375 over TCP on all interfaces

Answer :Utilize openssl to create TLS client and server certificates, configuring the Docker engine to use with mutual TLS over TCP. Add the user to the 'docker' group on the server or specify the group? with the '--group' Docker daemon option.

Docker Certified Associate (DCA) Practice Exams Set 1

What is the docker command to roll back to the previous version of a service?


Options are :

  • docker service --rollback SERVICE
  • docker service update --rollback SERVICE (Correct)
  • docker service --rollback-version SERVICE
  • docker service update --rollback-version SERVICE

Answer :docker service update --rollback SERVICE

Which of the following modes can be used for service discovery of a Docker swarm service (Select all that apply)?


Options are :

  • DNS Round-Robin with --endpoint-mode dnsrr (Correct)
  • Ingress with --endpoint-mode ingress
  • Virtual IP (VIP) with --endpoint-mode vip (Correct)
  • Overlay with --endpoint-mode overlay

Answer :DNS Round-Robin with --endpoint-mode dnsrr Virtual IP (VIP) with --endpoint-mode vip

Which of the following is supported by control groups?


Options are :

  • Collect net
  • Manage certificates
  • Limit CPU usage within a container (Correct)
  • Isolate processes in a container

Answer :Limit CPU usage within a container

Docker Certified Associate 2020 - Practice Exams - NEW Set 12

Which of the following commands will automatically create a volume when a container is started?


Options are :

  • 'docker container run --name nginxtest --volumes=/app nginx'
  • 'docker container run --name nginxtest --volumes myvol:/app:new nginx'
  • 'docker container run --name nginxtest -v myvol:/app nginx' (Correct)
  • 'docker container run --name nginxtest -v /app:mount nginx'

Answer :'docker container run --name nginxtest -v myvol:/app nginx'

What service mode is used to deploy a single task of a service to each node?


Options are :

  • Universal
  • Global (Correct)
  • Replicated
  • Agent

Answer :Global

What is the docker command to add or update a mount on a service?


Options are :

  • docker service update --mount-add type=volume,source=other-volume,target=/somewhere-else myservice (Correct)
  • docker service --add-update-mount type=volume,source=other-volume,target=/somewhere-else myservice
  • docker service --mount-volume type=volume,source=other-volume,target=/somewhere-else myservice
  • docker service set --add-update-mount type=volume,source=other-volume,target=/somewhere-else myservice

Answer :docker service update --mount-add type=volume,source=other-volume,target=/somewhere-else myservice

Docker Certified Associate (DCA) Practice Exams Set 21

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions