Docker Certified Associate (DCA) Practice Exams Set 10

Following the principle of least privilege, which of the following methods can be used to securely grant access to the specific user to communicate to a Docker engine? (Choose two.)


Options are :

  • Add the user to the 'docker' group on the server or specify the group with the '--group' Docker daemon option.
  • Give the user root access to the server to allow them to run Docker commands as root.
  • Utilize the '--host 0.0.0.0:2375' option to the Docker daemon to listen on port 2375 over TCP on all interfaces.
  • Utilize the '--host 127.0.0.1:2375' option to the Docker daemon to listen on port 2375 over TCP on localhost
  • Utilize openssl to create TLS client and server certificates, configuring the Docker engine to use with mutual TLS over TCP.

Answer : Add the user to the 'docker' group on the server or specify the group with the '--group' Docker daemon option. Utilize openssl to create TLS client and server certificates, configuring the Docker engine to use with mutual TLS over TCP.

Docker Certified Associate (DCA) Practice Exams Set 27

Which of the following is the correct command to tag an image?


Options are :

  • docker build tag SOURCE_IMAGE[:TAG] TARGET_IMAGE[:TAG]
  • docker tag TARGET_IMAGE[:TAG] SOURCE_IMAGE[:TAG]
  • docker tag image SOURCE_IMAGE[:TAG] TARGET_IMAGE[:TAG]
  • docker tag SOURCE_IMAGE[:TAG] TARGET_IMAGE[:TAG]

Answer : docker tag SOURCE_IMAGE[:TAG] TARGET_IMAGE[:TAG]

What behavior is expected when a service is created with the following command: 'docker service create --publish 8080:80 nginx'?


Options are :

  • Only a single node in the cluster will listen on port 80 and forward to port 8080 in the container.
  • All nodes in the cluster will listen on port 8080 and forward to port 80 in the container.
  • Only a single node in the cluster will listen on port 8080 and forward to port 80 in the container.
  • All nodes in the cluster will listen on port 80 and forward to port 8080 in the container.

Answer : All nodes in the cluster will listen on port 8080 and forward to port 80 in the container.

Which flag for a service would allow a container to consume more than 2 GB of memory only when there is no memory contention but would also prevent a container from consuming more than 4GB of memory, in any case?


Options are :

  • --limit-memory 4GB --reserve-memory 2GB
  • --memory-swap 4GB --limit-memory 2GB
  • --memory-swap 2GB --limit-memory 4GB
  • --limit-memory 2GB --reserve-memory 4GB

Answer : --limit-memory 4GB --reserve-memory 2GB

Docker Certified Associate (DCA) Practice Exams Set 26

What is the purpose of a client bundle in the Universal Control Plane?


Options are :

  • Provide a new user instructions for how to login to the Universal Control Plane
  • Authenticate a user using client certificates to the Universal Control Plane
  • Provide a user with a Docker client binary compatible with the Universal Control Plane
  • Group multiple users in a team in the Universal Control Plane

Answer : Authenticate a user using client certificates to the Universal Control Plane

A service 'wordpress' is running using a password string to connect to a non-Dockerized database service. The password string is passed into the 'wordpress' service as a Docker secret. Per security policy, the password on the database was changed. Identity the correct sequence of steps to rotate the secret from the old password to the new password.


Options are :

  • Create a new docker secret with the new password. Trigger a rolling secret update by using the 'docker secret update' command
  • Create a new docker secret with a new password. Trigger a rolling update of the "wordpress" service, by using "-- secret-rm" & "--secret-add" to remove the old secret and add the updated secret.
  • Create a new docker secret with the new password. Remove the existing service using 'docker service rm'. Start a new service with the new secret using "--secret="
  • Trigger an update to the service by using 'docker service update --secret='

Answer : Create a new docker secret with a new password. Trigger a rolling update of the "wordpress" service, by using "-- secret-rm" & "--secret-add" to remove the old secret and add the updated secret.

If installing Docker using devicemapper for storage with the Intent to run production workloads, how should devicemapper be configured?


Options are :

  • direct-lvm
  • aufs-lvm
  • loop-lvm
  • overlay-lvm

Answer : direct-lvm

Docker Certified Associate (DCA) Practice Exams Set 9

A user is having problems running Docker. Which of the following will start Docker in debug mode?


Options are :

  • Start the 'dockerd' process manually with the '--raw-logs' flag set to debug
  • Set the debug key to true in the 'daemon.json' file.
  • Start the 'dockerd' process manually with the '--logging' flag set to debug
  • Set the logging key to debug in the 'daemon.json' file.

Answer : Set the debug key to true in the 'daemon.json' file.

Which of the following is true about overlay networks?


Options are :

  • Overlay networks are first created on the manager nodes. Then they are created on the worker nodes once a task is scheduled on the specific worker node.
  • Overlay networks are created only on the manager node that you created the overlay networking on.
  • Overlay networks are created on all cluster nodes when you create the overlay network.
  • Overlay networks are only created on the manager nodes.

Answer : Overlay networks are first created on the manager nodes. Then they are created on the worker nodes once a task is scheduled on the specific worker node.

Which of the following is required to install Docker EE from a package repository?


Options are :

  • License key obtained from Docker Hub
  • Repository URL obtained from Docker Hub
  • Repository URL obtained from Docker Store
  • License key obtained from Docker Store

Answer : Repository URL obtained from Docker Store

Docker Certified Associate (DCA) Practice Exams Set 8

What is the docker command to pull an image or a repository from a registry?


Options are :

  • docker deploy
  • docker pull
  • docker checkout
  • docker build

Answer : docker pull

Which one of the following commands will result in the volume being removed automatically once the container has exited?


Options are :

  • 'docker run --read-only -v /foo busybox'
  • 'docker run --del -v /foo busybox'
  • 'docker run --remove -v /foo busybox'
  • 'docker run --rm -v /foo busybox'

Answer : 'docker run --rm -v /foo busybox'

What is the docker command to remove one or more images?


Options are :

  • docker image delete
  • docker delete
  • docker image rm
  • docker remove

Answer : docker image rm

Docker Certified Associate (DCA) Practice Exams Set 24

Which of the following is NOT how to create an efficient image via a Dockerfile?


Options are :

  • Avoid installing unnecessary packages
  • Start with an appropriate base image
  • Combine multiple applications into a single container
  • Use multi-stage builds

Answer : Combine multiple applications into a single container

What is the purpose of Docker Content Trust?


Options are :

  • Signing and verification of image tags
  • Indicating an image on Docker Hub is an official image
  • Enabling mutual TLS between the Docker client and server
  • Docker registry TLS verification and encryption

Answer : Signing and verification of image tags

What is the docker command for displaying layers of a Docker image?


Options are :

  • docker image layers
  • docker layers
  • docker info
  • docker history

Answer : docker history

Docker Certified Associate (DCA) Practice Exams Set 9

What is used by the kernel to isolate resources when running Docker containers?


Options are :

  • Volumes
  • Overlay networks
  • Control groups
  • Namespaces

Answer : Namespaces

What is one way of directly transferring a Docker Image from one Docker host in another?


Options are :

  • There is no way of directly transferring Docker images between hosts. A Docker Registry must be used ad an intermediary.
  • 'docker save' the image to save it as TAR file and copy it over to the target host. Then use 'docker load' to un-TAR the image back as a Docker image.
  • 'docker commit' to save the image outside of the Docker filesystem. Then transfer the file over to the target host and 'docker start' to start the container again.
  • 'docker push' the image to the IP address of the target host.

Answer : 'docker save' the image to save it as TAR file and copy it over to the target host. Then use 'docker load' to un-TAR the image back as a Docker image.

Which statement is true?


Options are :

  • ENTRYPOINT cannot be overriden in the "docker container run" command
  • CMD is used to run the software is the image along with any arguments
  • ENTRYPOINT cannot be used in conjuction with CMD
  • CMD shell format uses this form ["param", param", "param"]

Answer : CMD shell format uses this form ["param", param", "param"]

Docker Certified Associate (DCA) Practice Exams Set 6

What Dockerfile option LABEL does?


Options are :

  • Tells Docker how to test a container to check that it is still working.
  • Label a container that will run as an executable
  • Adds metadata to an image
  • Provide defaults for an executing container

Answer : Adds metadata to an image

What is the difference between the ADD and COPY dockerfile instructions? (choosen 2)


Options are :

  • ADD supports compression format handling while COPY does not.
  • COPY supports regular expression handling while ADD does not.
  • COPY supports compression format handling while ADD does not.
  • ADD supports regular expression handling while COPY does not.
  • ADD support remote URL handling while COPY does not.

Answer : ADD supports compression format handling while COPY does not. ADD support remote URL handling while COPY does not.

Which of the following in the docker command to enable autolock on an existing swarm cluster?


Options are :

  • docker swarm autolock
  • docker swarm update --autolock-swarm=true
  • docker swarm --autolock=true
  • docker swarm update --autolock=true

Answer : docker swarm update --autolock=true

Docker Certified Associate (DCA) Practice Exams Set 5

Which of the following commands starts a Redis container and configures it to always restart unless it is explicitly stopped or Docker is restarted?


Options are :

  • 'docker run -d --failure omit-stopped redis'
  • 'docker run -d --restart omit-stopped redis'
  • 'docker run -d --restart-policy unless-stopped redis'
  • 'docker run -d --restart unless-stopped redis'

Answer : 'docker run -d --restart unless-stopped redis'

Which of these swarm manager configurations will cause the cluster to be in a lost quorum state?


Options are :

  • 1 manager of which 1 is healthy.
  • 3 managers of which 2 are healthy.
  • 4 managers of which 2 are healthy.
  • 5 managers of which 3 are healthy.

Answer : 5 managers of which 3 are healthy.

A container named "analytics" that stores results in a volume called "data" was created. docker run -d --name=analytics -v data:/data webapp. How are the results accessed in "data" with another container called "dbapp"?


Options are :

  • docker run -d --name=reports --volume-from=analytics dbapp
  • docker run -d --name=reports --volume=webapp dbapp
  • docker run -d --name=reports --mount=webapp dbapp
  • docker run -d --name=reports --volume=data dbapp

Answer : docker run -d --name=reports --volume-from=analytics dbapp

Docker Certified Associate (DCA) Practice Exams Set 6

Which of the following is the correct command to store an image to a registry?


Options are :

  • docker upload [OPTIONS] NAME[:TAG]
  • docker store [OPTIONS] NAME[:TAG]
  • docker push [OPTIONS] NAME[:TAG]
  • docker commit [OPTIONS] NAME[:TAG]

Answer : docker push [OPTIONS] NAME[:TAG]

Which statement is true about DTR garbage collection?


Options are :

  • Garbage collection removes DTR images that are older than a configurable of days.
  • Garbage collection removes unused volumes from cluster nodes
  • Garbage collection removes unreferenced image layers from DTR's backend storage.
  • Garbage collection removes exited containers from cluster nodes.

Answer : Garbage collection removes unreferenced image layers from DTR's backend storage.

Which of the following statements is incorrect?


Options are :

  • When a container is deleted, the writable layer is persisted.
  • The column 'virtual size' of docker ps -s output shows the amount of data used for the read-only image data used by the container plus the container's writable layer 'size'.
  • Copy-on-write is a Docker strategy of sharing and copying files for maximum efficiency.
  • The column 'size' of docker ps -s output shows the amount of data that is used for the writable layer of each container.

Answer : When a container is deleted, the writable layer is persisted.

Docker Certified Associate (DCA) Practice Exams Set 9

When seven managers are in a swarm cluster, how would they be distributed across three datacenters or availability zones?


Options are :

  • 3/2/2
  • 4/2/1
  • 5/1/1
  • 3/3/1

Answer : 3/2/2

What is the difference between a resource limit and a resource reservation when scheduling services?


Options are :

  • A resource limit is used to find a host with adequate resources for scheduling a hard limit for your service, while a reservation is hard limit for your service.
  • A resource limit is hard limit for your service, while a reservation is used to find a host with adequate resources for scheduling.
  • A resource limit and a resource reservation can be used interchangeably
  • A resource limit is soft limit for your service, while a reservation is hard limit and the docker engine will do its best to keep your service at the limit.

Answer : A resource limit is hard limit for your service, while a reservation is used to find a host with adequate resources for scheduling.

In Docker Trusted Registry, how would a user prevent an image, for example 'nginx:latest' from being overwritten by another user with push access to the repository?


Options are :

  • Tag the image with 'nginx:immutable'
  • Remove push access from all other users.
  • Use the DTR web UI to make the tag immutable.
  • Keep a backup copy of the image on another repository.

Answer : Use the DTR web UI to make the tag immutable.

Docker Certified Associate (DCA) Practice Exams Set 25

A docker service 'web' is running with a scale factor of 1 (replicas = 1). Bob intends to use the command 'docker service update --replicas=3 web'. Alice intends to use the command 'docker service scale web=3'. How do the outcomes of these two commands differ?


Options are :

  • Bob's command only updates the service definition, but no new replicas are started. Alice's command results in the actual scaling up of the 'web' service.
  • Both Bob's and Alice's commands result in exactly the same outcome, which is 3 instances of the 'web' service.
  • Bob's command results in an error. Alice's command updates the number of replicas of the 'web' service to 3.
  • Bob's command updates the number of replicas of the 'web' service to 3. Alice's command results in an error.

Answer : Bob's command updates the number of replicas of the 'web' service to 3. Alice's command results in an error.

Which option the Dockerfile will appear in the end ?


FROM alpine:latest

WORKDIR /a

WORKDIR b

WORKDIR c

CMD [ '/bin/bash', 'pwd' ]


Options are :

  • /a
  • b
  • c
  • /a/b/c

Answer : /a/b/c

Which constraint role you use if you want to restrict a service to be scheduled in a manager in the Swarm cluster?


Options are :

  • swarm.role != worker
  • node.role == manager
  • swarm.role == manager
  • node.role != manager

Answer : node.role == manager

Docker Certified Associate (DCA) Practice Exams Set 26

A user is having problems running Docker. Which of the following will start Docker in debug mode?


Options are :

  • Set the logging key to debug in the 'daemon.json' file.
  • Start the 'dockerd' process manually with the '--raw-logs' flag set to debug
  • Set the debug key to true in the 'daemon.json' file.
  • Start the 'dockerd' process manually with the '--logging' flag set to debug

Answer : Set the debug key to true in the 'daemon.json' file.

Docker Certified Associate (DCA) Practice Exams Set 21

Which statement is true?


Options are :

  • ENTRYPOINT cannot be overriden in the "docker container run" command
  • CMD is used to run the software is the image along with any arguments
  • ENTRYPOINT cannot be used in conjuction with CMD
  • CMD shell format uses this form ["param", param", "param"]

Answer : CMD shell format uses this form ["param", param", "param"]

What Dockerfile option LABEL does?


Options are :

  • Tells Docker how to test a container to check that it is still working.
  • Label a container that will run as an executable
  • Provide defaults for an executing container
  • Adds metadata to an image

Answer : Adds metadata to an image

Which of the following constitutes a production-ready devicemapper configuration for the docker engine? 


Options are :

  • Nothing, devicemapper comes ready for production usage out of the box.
  • Utilize the '--storage-opt dm.directlvm_device' Docker daemon option, specifying a block device.
  • Create a volume group in devicemapper and utilize the '--dm.thinpooldev' Docker daemon option, specifying the volume group.
  • Format a partition with the xfs and mount it at '/var/lib/docker'

Answer : Utilize the '--storage-opt dm.directlvm_device' Docker daemon option, specifying a block device.

Docker Certified Associate (DCA) Practice Exams Set 3

Which of the Dockerfile options executes any commands in a new layer on top of the current image and commit the results?


Options are :

  • RUN
  • FROM
  • ONBUILD
  • CMD

Answer : RUN

Which of the following is NOT backed up when performing a Docker Trusted backup operation?


Options are :

  • Repository metadata
  • DTR configurations
  • Image blobs
  • Access control to repos and images

Answer : Image blobs

Which of the following is NOT a valid way to tag a Docker image?


Options are :

  • Tag an image referenced by user ID
  • Tag an image referenced by Name
  • Tag an image referenced by image ID
  • Tag an image referenced by Name and Tag

Answer : Tag an image referenced by user ID

Docker Certified Associate (DCA) Practice Exams Set 4

Which of the following statement is true about secrets?


Options are :

  • Secrets can be created from any node in the cluster
  • Secrets are stored unencrypted on manager nodes
  • Secrets can be modified after they are created
  • Secrets can be created using standard input (STDIN) and a file

Answer : Secrets can be created using standard input (STDIN) and a file

When seven managers are in a swarm cluster, how would they be distributed across three datacenters or availability zones?


Options are :

  • 36983
  • 37317
  • 36953
  • 37012

Answer : 37317

What behavior is expected when a service is created with the following command: 'docker service create --publish 8080:80 nginx'?


Options are :

  • All nodes in the cluster will listen on port 8080 and forward to port 80 in the container.
  • Only a single node in the cluster will listen on port 8080 and forward to port 80 in the container.
  • Only a single node in the cluster will listen on port 80 and forward to port 8080 in the container.
  • All nodes in the cluster will listen on port 80 and forward to port 8080 in the container.

Answer : All nodes in the cluster will listen on port 8080 and forward to port 80 in the container.

Docker Certified Associate (DCA) Practice Exams Set 3

Which of the following in the docker command to enable autolock on an existing swarm cluster?


Options are :

  • # docker swarm update --autolock-swarm=true
  • # docker swarm autolock
  • # docker swarm update --autolock=true
  • # docker swarm --autolock=true

Answer : # docker swarm update --autolock=true

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions
  • A docker service 'web' is running with a scale factor of 1 (replicas = 1). Bob intends to use the command 'docker service update --replicas=3 web'. Alice intends to use the command 'docker service scale web=3'. How do the outcomes of these two commands differ?
    
    why Alice command to scale up in this question is wrong?. I think the answer should be both the command perform the same operation.
    Reply
  • User
    When seven managers are in a swarm cluster, how would they be distributed across three datacenters or availability zones?
    
    
    Options are :
    
    36983
    37317
    36953
    37012
    
    --> The answer is 3/2/2
    Reply
  • User
    A docker service 'web' is running with a scale factor of 1 (replicas = 1). Bob intends to use the command 'docker service update --replicas=3 web'. Alice intends to use the command 'docker service scale web=3'. How do the outcomes of these two commands differ?
    
    
    Options are :
    
    Bob's command only updates the service definition, but no new replicas are started. Alice's command results in the actual scaling up of the 'web' service.
    
    Both Bob's and Alice's commands result in exactly the same outcome, which is 3 instances of the 'web' service. --> good answer
    
    Bob's command results in an error. Alice's command updates the number of replicas of the 'web' service to 3.
    Bob's command updates the number of replicas of the 'web' service to 3. Alice's command results in an error.
    Reply
  • User
    Which of these swarm manager configurations will cause the cluster to be in a lost quorum state?
    
    
    Options are :
    
    1 manager of which 1 is healthy.
    3 managers of which 2 are healthy.
    4 managers of which 2 are healthy.
    5 managers of which 3 are UNHEALTHY --> must be unhealthy because the quorum is (5-1)/2=4/2=2
    Reply
    • can someone help me to understand this question: Which of these swarm manager configurations will cause the cluster to be in a lost quorum state?
      
      my understanding is swarm tolerate loss of (n-1)/2 node at most. 
      1 manager of which 1 is healthy.
      3 managers of which 2 are healthy. (2-1)/2 = 1.. but it already lost 1... is this not unhealthy?
      4 managers of which 2 are healthy. (4-1)/2 = 1.5 but it already lost 2...is this not unhealthy? 
      5 managers of which 3 are UNHEALTHY --> must be unhealthy because the quorum is (5-1)/2=4/2=2
      Reply
  • User
    Which of the following is required to install Docker EE from a package repository?
    
    
    Options are :
    
    License key obtained from Docker Hub
    
    Repository URL obtained from Docker Hub --> I think this is the good answer (https://docs.docker.com/ee/docker-ee/ubuntu/#prerequisites)
    
    Repository URL obtained from Docker Store
    
    License key obtained from Docker Store
    Reply
    • manu
      Which constraint role you use if you want to restrict a service to be scheduled in a manager in the Swarm cluster?
      
      node.role!=manager  is correct
      Reply