Docker Certified Associate (DCA) Practice Exams Set 24

Which Docker feature allows you to protect the mutual TLS encryption key and the key used to encrypt and decrypt Raft logs at rest, by allowing you to take ownership of these keys and to require manual unlocking of your managers?


Options are :

  • autolock
  • encrypt
  • protect
  • managerlock

Answer : autolock

Which command can upload an image to a registry?


Options are :

  • docker put
  • docker push
  • docker pull
  • docker upload

Answer : docker push

The only way to recover from losing the quorum is to use which command from a manager node?


Options are :

  • docker swarm init --force-new-cluster
  • docker swarm init --restorequorum
  • docker swarm init
  • docker swarm update --restore-cluster

Answer : docker swarm init --force-new-cluster

Docker Certified Associate (DCA) Practice Exams Set 5

You can set the logging driver for a specific container by using the --log-driver flag to which commands? (select two)


Options are :

  • docker run
  • docker container create
  • docker logs
  • docker logging

Answer : docker run docker container create

Which of the following are valid Docker Editions? (select two)


Options are :

  • Docker CE
  • Docker Flex
  • Docker Premium
  • Docker EE

Answer : Docker CE Docker EE

All swarm service management traffic is encrypted by default.


Options are :

  • TRUE
  • FALSE

Answer : TRUE

Docker Certified Associate (DCA) Practice Exams Set 25

It recommended to write instructions in a dockerfile in UPPERCASE and arguments in lowercase


Options are :

  • TRUE
  • FALSE

Answer : TRUE

Which instruction creates a mount point with the specified name and marks it as holding externally mounted volumes from native host or other containers?


Options are :

  • VOLUME
  • DISK
  • ENTRYPOINT
  • MOUNT

Answer : VOLUME

Which cleanup command should be run on the manager node after another node has left the swarm?


Options are :

  • docker swarm node rm
  • docker node remove
  • docker node rm
  • docker node delete

Answer : docker node rm

Docker Certified Associate (DCA) Practice Exams Set 9

What is the enterprise-grade cluster management solution from Docker called?


Options are :

  • Docker Universal Control Plane (UCP)
  • Docker Cluster Manager
  • Docker View
  • Docker Flight Deck

Answer : Docker Universal Control Plane (UCP)

Which column of the 'docker node ls' command shows whether or not the scheduler can assign tasks to the node?


Options are :

  • MANAGER STATUS
  • STATE
  • AVAILABILITY
  • STATUS

Answer : AVAILABILITY

All application data traffic is encrypted by default.


Options are :

  • TRUE
  • FALSE

Answer : FALSE

Docker Certified Associate (DCA) Practice Exams Set 9

Which instruction sets the user name (or UID) and optionally the user group (or GID) to use when running the image and for any RUN, CMD and ENTRYPOINT instructions that follow it in the Dockerfile?


Options are :

  • WHO
  • SUDO
  • RUNAS
  • USER

Answer : USER

Before signing and pushing images to DTR you should perform which actions? (select two)


Options are :

  • Import your UCP private keys to the Notary client
  • Configure the Notary CLI client
  • Install openssl
  • Import your UCP private keys in DTR

Answer : Import your UCP private keys to the Notary client Configure the Notary CLI client

Which of the following is supported by control groups?


Options are :

  • Manage certificates
  • Limit CPU usage within a container
  • Collect net
  • Isolate processes in a container

Answer : Limit CPU usage within a container

Docker Certified Associate (DCA) Practice Exams Set 7

Which of the following is NOT how to create an efficient image via a Dockerfile?


Options are :

  • Avoid installing unnecessary packages
  • Start with an appropriate base image
  • Use multi-stage builds
  • Combine multiple applications into a single container

Answer : Combine multiple applications into a single container

What are the two types of docker swarm services?


Options are :

  • replicated and global services
  • local and global services
  • distributed and replicated services
  • replicated and local services

Answer : replicated and global services

An application image runs in multiple environments, and each environment uses different certificates and ports, what is the best practice to deploy the containers?


Options are :

  • Create a config file for each environment.
  • Create a Dockerfile for each environment, specifying ports and Docker secrets for certificates.
  • Create images that contain the specific configuration for every environment.
  • Create a Dockerfile for each environment, specifying ports and ENV variables for certificates.

Answer : Create a config file for each environment.

Docker Certified Associate (DCA) Practice Exams Set 8

Which network driver type is best when you need containers running on different Docker hosts to communicate, or when multiple applications work together using swarm services?


Options are :

  • Macvlan networks
  • Overlay networks
  • User-defined bridge networks
  • Host networks

Answer : Overlay networks

What Dockerfile option EXPOSE does?


Options are :

  • Informs Docker that the container listens on the specified network ports at runtime
  • Label a container that will run as an executable
  • Expose defaults for an executing container
  • Adds metadata to an image

Answer : Informs Docker that the container listens on the specified network ports at runtime

Wha is the purpose of Docker Content Trust?


Options are :

  • Signing and verification of image tags
  • Enabling mutual TLS between the Docker client and server
  • Docker registry TLS verification and encryption
  • Indicating an image on Docker Hub is an official image

Answer : Signing and verification of image tags

Docker Certified Associate (DCA) Practice Exams Set 4

Which of the following is the docker command to enable autolock on an existing swarm cluster?


Options are :

  • docker swarm autolock
  • docker swarm update --autolock=true
  • docker swarm --autolock=true
  • docker swarm update --autolock-swarm=true

Answer : docker swarm update --autolock=true

What is the docker command to connect a running container to an existing user-defined bridge?


Options are :

  • docker network join
  • docker connect network
  • docker network connect
  • docker network attach

Answer : docker network connect

What docker image prune command does?


Options are :

  • Remove unused images
  • Remove one or more images
  • Show the history of an image
  • Display detailed information on one or more images

Answer : Remove unused images

Docker Certified Associate (DCA) Practice Exams Set 22

Which network driver type is best when you are migrating from a VM setup or need your containers to look like physical hosts on your network, each with a unique MAC address?


Options are :

  • Overlay networks
  • Host networks
  • User-defined bridge networks
  • Macvlan networks

Answer : Macvlan networks

What is the docker command to see the storage driver Docker is currently using?


Options are :

  • docker status
  • docker info
  • docker config
  • docker inspect

Answer : docker info

You have created a Docker bridge network on a host with three containers attached, how do you make this containers accessible outside of the host?


Options are :

  • Use --link to access the containers on the bridge network
  • Use network connect to access the containers on the bridge network
  • Use network attach to access the containers on the bridge network
  • Use either EXPOSE or --publish to access the containers on the bridge network

Answer : Use either EXPOSE or --publish to access the containers on the bridge network

Docker Certified Associate (DCA) Practice Exams Set 23

Which network driver type is best when you need multiple containers to communicate on the same Docker host?


Options are :

  • Macvlan networks
  • Overlay networks
  • User-defined bridge networks
  • Host networks

Answer : User-defined bridge networks

What does docker image rm command do?


Options are :

  • Remove unused images
  • Show the history of an image
  • Remove one or more images
  • Display detailed information on one or more images

Answer : Remove one or more images

The output of which command can be used to find the architecture and operating system an image is compatible with?


Options are :

  • docker image inspect --format {{.Architecture}} {{.OS}} '
  • docker image ls
  • docker image info
  • docker image inspect --filter {{.Architecture}} {{.OS}} '

Answer : docker image inspect --format {{.Architecture}} {{.OS}} '

Docker Certified Associate (DCA) Practice Exams Set 23

Which of the following statements is false?


Options are :

  • User-defined bridges provide better isolation and interoperability between containerized applications
  • Linked containers on the default bridge network share environment variables
  • Containers can NOT be attached and detached from user-defined networks on the fly
  • Each user-defined network creates a configurable bridge

Answer : Containers can NOT be attached and detached from user-defined networks on the fly

What is the function of docker inspect command?


Options are :

  • To inspect changes to files or directories on a container's filesystem
  • To return low-level information on Docker objects
  • To manage Docker configs
  • To display system-wide information

Answer : To return low-level information on Docker objects

Which of the following Dockerfile options creates a mount point with the specified name and marks it as holding externally mounted volumes from native host or other containers?


Options are :

  • WORKDIR
  • VOLUME
  • RUN
  • ONBUILD

Answer : VOLUME

Docker Certified Associate (DCA) Practice Exams Set 4

What are the steps needed to sign images in a way that UCP trusts them? (select three)


Options are :

  • Initialize trust metadata for the repository
  • Delegate signing to the keys in your UCP client bundle
  • Configure Notary client
  • Approve image sign on UCP

Answer : Initialize trust metadata for the repository Delegate signing to the keys in your UCP client bundle Configure Notary client

When seven managers are in a swarm cluster how would they be distributed across three datacenters or availability zones?


Options are :

  • 3-2-2
  • 3-3-1
  • 5-1-1
  • 4-2-1

Answer : 3-2-2

Which of the following constitutes a production-ready devicemapper configuration for the Docker engine?


Options are :

  • Create a volume group in devicemapper and utilize the '--dm.thinpooldev' Docker daemon option, specifying the volume group
  • Format a partition with xfs and mount it at '/var/lib/docker'
  • Nothing, devicemapper comes ready for production usage out of the box
  • Utilize the '--storage-opt dm.directlvm_device' Docker daemon option, specifying a block device

Answer : Utilize the '--storage-opt dm.directlvm_device' Docker daemon option, specifying a block device

Docker Certified Associate (DCA) Practice Exams Set 8

Which one of the following commands will show a list of volumes for a specific container?


Options are :

  • 'docker container logs nginx --volumes'
  • 'docker volume logs nginx --containers'
  • 'docker volume inspect nginx'
  • 'docker container inspect nginx'

Answer : 'docker container inspect nginx'

From a DevOps process standpoint, it is best practice to keep changes to an application in version control. Which of the following will allow changes to a docker Image to be stored in a version control system?


Options are :

  • docker save
  • A dockerfile
  • A docker-compose.yml file
  • docker commit

Answer : docker commit

A host machine has four CPUs available and two running containers. The sysadmin would like to assign two CPUs to each container. Which of the following commands achieves this?


Options are :

  • Set the '--cpuset-cpus' flag to '.5' on both containers
  • Set the '--cpuset-cpus' flag of the 'dockerd' process to the value 'even-spread'
  • Set the '--cpu-quota' flag to '1.3' on one container and '2,4' on the other container.
  • Set the '--cpuset-cpu's flag to '1.3' on one container and '2.4' on the other container.

Answer : Set the '--cpuset-cpus' flag to '.5' on both containers

Docker Certified Associate (DCA) Practice Exams Set 8

What is the correct order to upgrade a Docker cluster?


Options are :

  • Upgrade UCP, DTR, then engine and kernel
  • Upgrade engine and kernel, DTR, and then UCP
  • Upgrade engine and kernel, UCP, and then DTR
  • Upgrade DTR, UCP, then engine and kernel

Answer : Upgrade engine and kernel, UCP, and then DTR

What is the purpose of multi-stage builds?


Options are :

  • Optimizing images by copying artifacts selectively from previous stages
  • Better logical separation of Dockerfile instructions for better readability
  • Better caching when building Docker images
  • Faster image builds by allowing parallel execution of Docker builds

Answer : Optimizing images by copying artifacts selectively from previous stages

What is the docker command to add a node to a swarm?


Options are :

  • docker swarm add-node
  • docker swarm create-node
  • docker swarm join
  • docker join swarm

Answer : docker swarm join

Docker Certified Associate (DCA) Practice Exams Set 9

Which of the following commands will automatically create a volume when a container is started?


Options are :

  • 'docker container run --name nginxtest --volumes myvol:/app:new nginx'
  • 'docker container run --name nginxtest --volumes=/app nginx'
  • 'docker container run --name nginxtest -v /app:mount nginx'
  • 'docker container run --name nginxtest -v myvol:/app nginx'

Answer : 'docker container run --name nginxtest -v myvol:/app nginx'

Following the principle of least privilege, which of the following methods can be used to securely grant access to the specific user to communicate to a Docker engine? (Choose two.)


Options are :

  • Utilize the '--host 127.0.0.1:2375' option to the Docker daemon to listen on port 2375 over TCP on localhost
  • Give the user root access to the server to allow them to run Docker commands as root.
  • Utilize the '--host 0.0.0.0:2375' option to the Docker daemon to listen on port 2375 over TCP on all interfaces
  • Utilize openssl to create TLS client and server certificates, configuring the Docker engine to use with mutual TLS over TCP.
  • Add the user to the 'docker' group on the server or specify the groue? with the '--group' Docker daemon option.

Answer : Utilize openssl to create TLS client and server certificates, configuring the Docker engine to use with mutual TLS over TCP. Add the user to the 'docker' group on the server or specify the groue? with the '--group' Docker daemon option.

What is the difference between a resource limit and a resource reservation when scheduling services?


Options are :

  • A resource limit and a resource reservation can be used interchangeably.
  • A resource limit is hard limit for your service, while a reservation is used to find a host with adequate resources for scheduling.
  • A resource limit is a soft limit for your service, while a reservation is hard limit and the docker engine will do its best to keep your service at the limit.
  • A resource limit is used to find a host with adequate resources for scheduling a hard limit for your service, while a reservation is hard limit for your service.

Answer : A resource limit is hard limit for your service, while a reservation is used to find a host with adequate resources for scheduling.

Docker Certified Associate (DCA) Practice Exams Set 6

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions