Docker Certified Associate (DCA) Practice Exams Set 7

How many free private repositories can a user get with Docker Hub user account?


Options are :

  • 0
  • 1
  • 2
  • 3

Answer : 1

Which of the following actions can you not commit under Docker's Apache 2.0 license?


Options are :

  • Study the logic and create a parallel product.
  • Use Docker API in your own product to utilize containerization features
  • Modify Docker APIs for your research work.
  • Sell Docker APIs under your product's name without any accreditation to Docker.

Answer : Sell Docker APIs under your product's name without any accreditation to Docker.

Docker Certified Associate (DCA) Practice Exams Set 9

True or False?

Bind mounts can be managed directly by Docker CLI commands.


Options are :

  • True
  • False

Answer : False

What will happen if you use --mount flag to bind-mount container's directory to a directory on Docker host which does not exist yet?


Options are :

  • Docker will create a new directory on Docker host and backup all the data of mounted container directory.
  • Docker will create a directory with a warning of security vulnerabilities on Docker host.
  • Docker won't create any directory on Docker host and generate an error message.
  • Docker daemon will generate a warning and suggest to use --mount-to flag with directory location on Docker host to create that particular directory.

Answer : Docker won't create any directory on Docker host and generate an error message.

True or False?

With Docker Desktop on Mac, you only get one VM, managed by Docker Desktop.


Options are :

  • True
  • False

Answer : True

Docker Certified Associate (DCA) Practice Exams Set 7

Which of the following Dockerfile options creates a mount point with the specified name and marks it as holding externally mounted volumes from native host or other containers?


Options are :

  • ONBUILD
  • WORKDIR
  • VOLUME
  • RUN

Answer : VOLUME

Docker Certified Associate (DCA) Practice Exams Set 20

What Dockerfile option EXPOSE does?


Options are :

  • Informs Docker that the container listens on the specified network ports at runtime
  • Label a container that will run as an executable
  • Expose defaults for an executing container
  • Adds metadata to an image

Answer : Informs Docker that the container listens on the specified network ports at runtime

Which of the following commands will automatically create a volume when a container is started?


Options are :

  • docker container run --name nginxtest --volumes=/app nginx'
  • docker container run --name nginxtest --volumes myvol:/app:new nginx'
  • docker container run --name nginxtest -v myvol:/app nginx'
  • docker container run --name nginxtest -v /app:mount nginx'

Answer : docker container run --name nginxtest --volumes=/app nginx'

Which command interactively monitors all container activity in the Docker engine?


Options are :

  • docker container logs
  • docker system logs
  • docker system events
  • docker container events

Answer : docker system events

Docker Certified Associate (DCA) Practice Exams Set 9

A server is running low on disk space. What command can be used to check the disk usage of images, containers, and volumes for Docker engine?


Options are :

  • docker system ps'
  • docker system prune'
  • docker system df'
  • docker system free'

Answer : docker system df'

Which of the following is true about using the '-P' option when creating a new container?


Options are :

  • Docker gives extended privileges to the container.
  • Docker binds each exposed container port to a random port on all the host's interface
  • Docker binds each exposed container port to a random port on a specified host interface
  • Docker binds each exposed container port with the same port on the host

Answer : Docker binds each exposed container port to a random port on all the host's interface

An application image runs in multiple environments, and each environment uses different certificates and ports, what is the best practice to deploy the containers?


Options are :

  • Create a config file for each environment.
  • Create a Dockerfile for each environment, specifying ports and Docker secrets for certificates.
  • Create images that contain the specific configuration for every environment.
  • Create a Dockerfile for each environment, specifying ports and ENV variables for certificates.

Answer : Create a config file for each environment.

Docker Certified Associate (DCA) Practice Exams Set 2

Which of the following are types of namespaces used by Docker to provide isolation? (Choose 2.)


Options are :

  • Network
  • Process ID
  • Storage
  • Authentication
  • Host

Answer : Network Process ID

You have just executed 'docker swarm leave' on a node. What command can be run on the same node to confirm it has left the cluster?


Options are :

  • docker node status
  • docker system info
  • docker system status
  • docker node ls

Answer : docker system info

From a DevOps process standpoint, it is best practice to keep changes to an application in version control. Which of the following will allow changes to a docker Image to be stored in a version control system?


Options are :

  • A docker-compose.yml file
  • docker save
  • docker commit
  • A dockerfile

Answer : docker commit

Docker Certified Associate (DCA) Practice Exams Set 14

Which of the following is the docker command to enable autolock on an existing swarm cluster?


Options are :

  • docker swarm update --autolock=true
  • docker swarm autolock
  • docker swarm --autolock=true
  • docker swarm update --autolock-swarm=true

Answer : docker swarm update --autolock=true

When seven managers are in a swarm cluster how would they be distributed across three datacenters or availability zones?


Options are :

  • 3/3/2001
  • 5/1/2001
  • 4/2/2001
  • 3/2/2002

Answer : 3/2/2002

What Dockerfile option LABEL does?


Options are :

  • Tells Docker how to test a container to check that it is still working
  • Provide defaults for an executing container
  • Label a container that will run as an executable
  • Adds metadata to an image

Answer : Adds metadata to an image

Docker Certified Associate (DCA) Practice Exams Set 9

What is the difference between a resource limit and a resource reservation when scheduling services?


Options are :

  • A resource limit and a resource reservation can be used interchangeably.
  • A resource limit is used to find a host with adequate resources for scheduling a hard limit for your service, while a reservation is hard limit for your service.
  • A resource limit is hard limit for your service, while a reservation is used to find a host with adequate resources for scheduling.
  • A resource limit is a soft limit for your service, while a reservation is hard limit and the docker engine will do its best to keep your service at the limit.

Answer : A resource limit is hard limit for your service, while a reservation is used to find a host with adequate resources for scheduling.

What service mode is used to deploy a single task of a service to each node?


Options are :

  • spread
  • universal
  • replicated
  • distributed
  • global

Answer : global

Which of the following is NOT how to create an efficient image via a Dockerfile?


Options are :

  • Combine multiple applications into a single container
  • Start with an appropriate base image
  • Use multi-stage builds
  • Avoid installing unnecessary packages

Answer : Combine multiple applications into a single container

Docker Certified Associate (DCA) Practice Exams Set 4

What is the purpose of a client bundle in the Universal Control Plane?


Options are :

  • Provide a new user instructions for how to login to the Universal Control Plane
  • Group multiple users in a team in the Universal Control Plane
  • Authenticate a user using client certificates to the Universal Control Plane
  • Provide a user with a Docker client binary compatible with the Universal Control Plane

Answer : Authenticate a user using client certificates to the Universal Control Plane

Wha is the purpose of Docker Content Trust?


Options are :

  • Indicating an image on Docker Hub is an official image
  • Enabling mutual TLS between the Docker client and server
  • Docker registry TLS verification and encryption
  • Signing and verification of image tags

Answer : Signing and verification of image tags

A container named "analytics" that stores results in a volume called "data" was created. docker run -d --name=analytics -v data:/data app1 How are the results accessed in "data" with another container called "app2"?


Options are :

  • docker run -d --name=reports --volumes-from=analytics app2
  • docker run -d --name=reports --volume=data app2
  • docker run -d --name=reports --mount=app1 app2
  • docker run -d --name=reports --volume=app1 app2

Answer : docker run -d --name=reports --volumes-from=analytics app2

Docker Certified Associate (DCA) Practice Exams Set 8

Which of the following statements is true about secrets?


Options are :

  • Secret are stored unencrypted on manager nodes.
  • Secrets can be created using standard input (STDIN) and a file.
  • Secrets can be modified after they are created.
  • Secrets can be created from any node in the cluster.

Answer : Secrets can be created using standard input (STDIN) and a file.

What is the function of docker inspect command?


Options are :

  • To return low-level information on Docker objects
  • To display system-wide information
  • To inspect changes to files or directories on a container's filesystem
  • To manage Docker configs

Answer : To return low-level information on Docker objects

Which of the following constitutes a production-ready devicemapper configuration for the Docker engine?


Options are :

  • Utilize the '--storage-opt dm.directlvm_device' Docker daemon option, specifying a block device
  • Nothing, devicemapper comes ready for production usage out of the box
  • Create a volume group in devicemapper and utilize the '--dm.thinpooldev' Docker daemon option, specifying the volume group
  • Format a partition with xfs and mount it at '/var/lib/docker'

Answer : Utilize the '--storage-opt dm.directlvm_device' Docker daemon option, specifying a block device

Docker Certified Associate (DCA) Practice Exams Set 3

Which of the following is supported by control groups?


Options are :

  • Limit CPU usage within a container
  • Manage certificates
  • Collect net
  • Isolate processes in a container

Answer : Limit CPU usage within a container

Following the principle of least privilege, which of the following methods can be used to securely grant access to the specific user to communicate to a Docker engine? (Choose two.)


Options are :

  • Utilize the '--host 127.0.0.1:2375' option to the Docker daemon to listen on port 2375 over TCP on localhost
  • Give the user root access to the server to allow them to run Docker commands as root.
  • Add the user to the 'docker' group on the server or specify the groue? with the '--group' Docker daemon option.
  • Utilize openssl to create TLS client and server certificates, configuring the Docker engine to use with mutual TLS over TCP.
  • Utilize the '--host 0.0.0.0:2375' option to the Docker daemon to listen on port 2375 over TCP on all interfaces

Answer : Add the user to the 'docker' group on the server or specify the groue? with the '--group' Docker daemon option. Utilize openssl to create TLS client and server certificates, configuring the Docker engine to use with mutual TLS over TCP.

Which of these swarm manager configurations will cause the cluster to be in a lost quorum state?


Options are :

  • 5 managers of which 3 are healthy
  • 1 manager of which 1 is healthy
  • 4 managers of which 2 are healthy
  • 3 managers of which 2 are healthy

Answer : 4 managers of which 2 are healthy

Docker Certified Associate (DCA) Practice Exams Set 18

After creating a new service named 'http', you notice that the new service is not registering as healthy. How do you view the list of historical tasks for that service by using the command line?


Options are :

  • docker service ps http'
  • docker service inspect http'
  • docker inspect http'
  • docker ps http'

Answer : docker service inspect http'

Which of the following is true about overlay networks?


Options are :

  • Overlay networks are created on all cluster nodes when you create the overlay network.
  • Overlay networks are only created on the manager nodes.
  • Overlay networks are created only on the manager node that you created the overlay networking on.
  • Overlay networks are first created on the manager nodes. Then they are created on the worker nodes once a task is scheduled on the specific worker node.

Answer : Overlay networks are first created on the manager nodes. Then they are created on the worker nodes once a task is scheduled on the specific worker node.

Each container shares common writeable container layer. True or false?


Options are :

  • FALSE
  • TRUE

Answer : FALSE

Docker Certified Associate (DCA) Practice Exams Set 26

In Docker Trusted Registry, how would a user prevent an image, for example 'nginx:latest' from being overwritten by another user with push access to the repository?


Options are :

  • Remove push access from all other users.
  • Keep a backup copy of the image on another repository.
  • Use the DTR web UI to make the tag immutable.
  • Tag the image with 'nginx:immutable'

Answer : Use the DTR web UI to make the tag immutable.

Which one of the following commands will result in the volume being removed automatically once the container has exited?


Options are :

  • docker run --del -v /foo busybox'
  • docker run --read-only -v /foo busybox'
  • docker run --remove -v /foo busybox'
  • docker run --rm -v /foo busybox'

Answer : docker run --rm -v /foo busybox'

What behavior is expected when a service is created with the following command: 'docker service create --publish 8080:80 nginx'


Options are :

  • Only a single node in the cluster will listen on port 80 and forward to port 8080 in the container.
  • All nodes in the cluster will listen on port 8080 and forward to port 80 in the container.
  • All nodes in the cluster will listen on port 80 and forward to port 8080 in the container.
  • Only a single node in the cluster will listen on port 8080 and forward to port 80 in the container.

Answer : All nodes in the cluster will listen on port 8080 and forward to port 80 in the container.

Docker Certified Associate (DCA) Practice Exams Set 7

If installing Docker using devicemapper for storage with the Intent to run production workloads, how should devicemapper be configured?


Options are :

  • loop-lvm
  • direct-lvm
  • aufs-lvm
  • overlay-lvm

Answer : direct-lvm

How do you configure Docker engine to use a registry that is not configured with TLS certificates from a trusted CA?


Options are :

  • Set INSECURE_REGISTRY in the '/etc/docker/default' configuration file
  • Pass the '--insecure-registry' flag to the daemon at run time
  • Set and export the IGNORE_TLS environment variable on the command line
  • Set IGNORE_TLS in the 'daemon.json' configuration file.

Answer : Pass the '--insecure-registry' flag to the daemon at run time

Which of the following commands starts a Redis container and configures it to always restart unless it is explicitly stopped or Docker is restarted?


Options are :

  • docker run -d --restart-policy unless-stopped redis'
  • docker run -d --failure omit-stopped redis'
  • docker run -d --restart omit-stopped redis'
  • docker run -d --restart unless-stopped redis'

Answer : docker run -d --restart unless-stopped redis'

Docker Certified Associate (DCA) Practice Exams Set 23

The following health check exists in a Dockerfile: 'HEALTCHECK CMD curl --fail http://localhost/health || exit 1' Which of the following describes its purpose?


Options are :

  • Defines the health check endpoint on the localhost interface for external monitoring tools to monitor the health of the docker engine.
  • Defines the health check for the containerized application so that the application health can be monitored by the Docker engine
  • Defines the action taken when container health fails, which in this case will kill the container with exit status 1
  • Defines the health check endpoint on the local host interface for containers to monitor the health of the docker engine

Answer : Defines the action taken when container health fails, which in this case will kill the container with exit status 1

Which of the following modes can be used for service discovery of a Docker swarm service (Pick 2 correct answers)


Options are :

  • Network Address Translation(NAT) with --endpoint-mode nat
  • Ingress with --endpoint-mode ingress
  • Overlay with --endpoint-mode overlay
  • DNS Round-Robin with --endpoint-mode dnsrr
  • Virtual IP (VIP) with --endpoint-mode vip

Answer : DNS Round-Robin with --endpoint-mode dnsrr Virtual IP (VIP) with --endpoint-mode vip

Which of the following is the correct command to tag an image?


Options are :

  • docker tag SOURCE_IMAGE[:TAG] TARGET_IMAGE[:TAG]
  • docker tag image SOURCE_IMAGE[:TAG] TARGET_IMAGE[:TAG]
  • docker tag TARGET_IMAGE[:TAG] SOURCE_IMAGE[:TAG]
  • docker build tag SOURCE_IMAGE[:TAG] TARGET_IMAGE[:TAG]

Answer : docker tag SOURCE_IMAGE[:TAG] TARGET_IMAGE[:TAG]

Docker Certified Associate (DCA) Practice Exams Set 6

A service 'wordpress' is running using a password string to connect to a non-Dockerized database service. The password string is passed into the 'wordpress' service as a Docker secret. Per security policy, the password on the database was changed. Identity the correct sequence of steps to rotate the secret from the old password to the new password.


Options are :

  • Create a new docker secret with the new password. Trigger a rolling secret update by using the 'docker secret update' command
  • Create a new docker secret with the new password. Remove the existing service using 'docker service rm'. Start a new service with the new secret using "--secret="
  • Create a new docker secret with a new password. Trigger a rolling update of the "wordpress" service, by using "-- secret-rm" & "--secret-add" to remove the old secret and add the updated secret.
  • Trigger an update to the service by using 'docker service update --secret='

Answer : Create a new docker secret with a new password. Trigger a rolling update of the "wordpress" service, by using "-- secret-rm" & "--secret-add" to remove the old secret and add the updated secret.

Docker image is built up from a series of layers and each layer represents an instruction in the image's Dockerfile. True or false?


Options are :

  • TRUE
  • FALSE

Answer : TRUE

Which statement is true?


Options are :

  • CMD is used to run the software is the image along with any arguments
  • CMD shell format uses this form ["param", param", "param"]
  • ENTRYPOINT cannot be overriden in the "docker container run" command
  • ENTRYPOINT cannot be used in conjuction with CMD

Answer : CMD shell format uses this form ["param", param", "param"]

Docker Certified Associate (DCA) Practice Exams Set 6

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions
  • VK
    The answer for the following question is listed incorrectly: it should be docker service ps http
    After creating a new service named 'http', you notice that the new service is not registering as healthy. How do you view the list of historical tasks for that service by using the command line?
    
    Options are :
    
    docker service ps http'
    docker service inspect http' (Correct)
    docker inspect http'
    docker ps http'
    Answer : docker service inspect http'
    Reply
    • correct  answer: "docker ps http"  
      https://docs.docker.com/engine/reference/commandline/service_ps/
      "In addition to running tasks, the output also shows the task history."
      
      Reply
      • mistyped. Correct: "docker service ps http"
        Reply
  • VK
    The Answer for the below question is stated wrongly - it should be 
    docker container run --name nginxtest -v myvol:/app nginx'
    
    Which of the following commands will automatically create a volume when a container is started?
    
    Options are :
    
    docker container run --name nginxtest --volumes=/app nginx' (Correct)
    docker container run --name nginxtest --volumes myvol:/app:new nginx'
    docker container run --name nginxtest -v myvol:/app nginx'
    docker container run --name nginxtest -v /app:mount nginx'
    Answer : docker container run --name nginxtest --volumes=/app nginx'
    
    Reply