Docker Certified Associate (DCA) Practice Test Set 3

In which of the following circumstances a service WILL NOT end up in a PENDING state?


Options are :

  • If you created a global service but set a placement preference.
  • If no node in the swarm has the required amount of resources.
  • If a service cannot meet a constraint rule set during the creation step.
  • If all worker nodes are unavailable and you only have manager nodes available. (Correct)

Answer :If all worker nodes are unavailable and you only have manager nodes available.

Which of the following options are available to run a single container?


Options are :

  • published port, user, log driver, restart policy (Correct)
  • published port, user, log driver, placement constraints
  • published port, volume, secrets, log driver
  • volume, secrets, log driver, memory limit

Answer :published port, user, log driver, restart policy

"docker service create nginx" is a command that creates a service in docker swarm. Which of the following statements is NOT TRUE?


Options are :

  • This command can only be run from a manager node.
  • Your service will not be able to serve inbound connections.
  • A replica will run either from a manager or from a worker node.
  • This service will only run from a worker. (Correct)

Answer :This service will only run from a worker.

Docker Certified Associate 2020 - Practice Exams - NEW Set 7

Which of the following is NOT backed up while backing up DTR?


Options are :

  • User, orgs, teams (Correct)
  • Configurations
  • Repository metadata
  • Certificate and keys

Answer :User, orgs, teams

You have a Docker host that is used to build images and tests them. You create Docker images using the multi-stage build feature. Because of that, there are a large number of dangling images in this host. Which of the following commands you could run to only remove the dangling images?


Options are :

  • docker rmi --filter dangling=true
  • docker prune --filter dangling=true
  • docker system prune
  • docker image prune --filter dangling=true (Correct)

Answer :docker image prune --filter dangling=true

Which one of the following is the preferred storage driver, for all currently supported Linux distributions?


Options are :

  • aufs
  • overlay2 (Correct)
  • btrfs
  • devicemapper

Answer :overlay2

Docker and Containers: Commands Set 1

What is the default location of secrets inside a Docker container?


Options are :

  • /run/secrets/ (Correct)
  • /secrets/
  • /var/run/
  • /var/secrets/

Answer :/run/secrets/

Which is the default location of a config file when using Docker config?


Options are :

  • /run/config/
  • /var/run/
  • / (Correct)
  • /config/

Answer :/

Which of the following options would enable to SSH into a running Docker container named 'nginx'?


Options are :

  • docker exec -it nginx /bin/sh (Correct)
  • docker inspect webserver
  • docker run -it nginx /bin/sh
  • docker ssh -it nginx /bin/sh

Answer :docker exec -it nginx /bin/sh

Docker Certified Associate (DCA) Practice Tests Set 9

How can you trigger a image build process directly from a git url?


Options are :

  • docker build --remote https://github.com/example/docker-example.git
  • docker build https://github.com/bocadilloproject/docker-example.git (Correct)
  • docker build --from-git https://github.com/bocadilloproject/docker-example.git
  • docker build --from-url https://github.com/bocadilloproject/docker-example.git

Answer :docker build https://github.com/bocadilloproject/docker-example.git

How do you setup the default logging driver on Docker daemon to be the syslog driver?


Options are :

  • On /etc/docker/daemon.yaml or C:\ProgramData\docker\config\daemon.yaml, just add: log-driver: "syslog"
  • On /etc/docker/daemon.json or C:\ProgramData\docker\config\daemon.json, just add: { "log-driver": "syslog" } (Correct)
  • On /etc/docker/daemon.cfg or C:\ProgramData\docker\config\daemon.cfg, just add: { "log-driver": "syslog" }
  • On /etc/docker/daemon.cfg or C:\ProgramData\docker\config\daemon.cfg, just add: log-driver: "syslog"

Answer :On /etc/docker/daemon.json or C:\ProgramData\docker\config\daemon.json, just add: { "log-driver": "syslog" }

You are creating a new Docker Swarm. This docker Swarm needs to use a subnet range of 172.16.2.0/24 in its overlay netowrk to avoid collision with other networks. Which command below would enforce the usage of this subnet range?


Options are :

  • docker swarm init --addr-pool 172.16.2.0/24
  • docker swarm init --default-addr-pool 172.16.2.0/24 (Correct)
  • docker swarm init --address-pool 172.16.2.0/24
  • docker swarm init --address-range 172.16.2.0/24

Answer :docker swarm init --default-addr-pool 172.16.2.0/24

Docker and Containers: Commands Set 1

Which of the following is default network in docker?


Options are :

  • bridge (Correct)
  • macvlan
  • host
  • overlay

Answer :bridge

You are setting up a new Docker Swarm on AWS. You must ensure that the traffic between hosts are not block either by the Security Group Rules nor by Network Access Control List. Which of the following answers covers all ports that must be allowed between Docker hosts?


Options are :

  • TCP/2377 and UDP/2377
  • TCP/7946 and UDP/2377
  • TCP/2377, TCP/7946, and UDP/7946 (Correct)
  • TCP/2377 and TCP/4789

Answer :TCP/2377, TCP/7946, and UDP/7946

Which of the following commands can be used to attach an existing network named 'net1' to a container 'container1' which is currently running in network named 'net2'?


Options are :

  • docker network connect net1 net2 container1
  • docker network connect net1 container1 (Correct)
  • docker connect network net1 net2
  • docker connect network net1 container1
  • docker connect network net1 net2 container1

Answer :docker network connect net1 container1

Docker and Containers: Commands Set 4

Which of the following commands will deploy nginx only on worker nodes of the swarm so that it is accessible externally on port 8000. NOTE: By external connectivity means the nginx can be accessed on http://WORKER_IP:8000


Options are :

  • docker service create -p 8000 --constraint node.role=worker nginx
  • docker service create -p 8000 --placement-pref node.role=worker nginx
  • docker service create -p 8000:80 --constraint node.role=worker nginx (Correct)
  • docker service create -p 8000:80 --placement-pref node.role=worker nginx

Answer :docker service create -p 8000:80 --constraint node.role=worker nginx

You built this amazing image using a Dockerfile on your system. You initially tagged it as “myimage”. Now you need to push this to a registry which resides at “myregistry.com” and is running at port 9999. What tag and push would you do to achieve it?


Options are :

  • docker push --registry myregistry.com:9999 myimage
  • docker tag myimage myregistry.com:9999/myimage && docker push myregistry.com:9999/myimage (Correct)
  • docker tag myregistry.com:9999/myimage myimage && docker push myregistry.com:9999/myimage
  • docker tag myimage myregistry.com/myimage && docker push -p 9999 myregistry.com/myimage

Answer :docker tag myimage myregistry.com:9999/myimage && docker push myregistry.com:9999/myimage

You have an image which has ENTRYPOINT [“/bin/bash”, “-c”, “ping”] CMD [“localhost”] Image name is myimage. How would you run this image to ping google.com


Options are :

  • docker run -it myimage ping google.com
  • docker run -it myimage google.com (Correct)
  • docker run -it myimage /bin/bash -c ping google.com
  • None of these or All of these

Answer :docker run -it myimage google.com

Docker Certified Associate (DCA) Practice Exams Set 5

Which of the following is a valid command to assign static IP to a container?


Options are :

  • docker run --static-ip 172.18.0.22
  • docker run --ip 172.18.0.22
  • None of the above (Correct)
  • docker run --network-ip 172.18.0.22

Answer :None of the above

Which of the following networks are created by default after initialising a docker swarm? “docker swarm init”


Options are :

  • docker_gwbridge and ingress (Correct)
  • docker_bridge and overlay
  • bridge and ingress
  • only docker_gwbridge

Answer :docker_gwbridge and ingress

Who is the owner of the docker.sock file created while running docker and what are the default permissions on it?


Options are :

  • root, 660 (Correct)
  • root, 770
  • admin, 660
  • admin, 770

Answer :root, 660

Docker Certified Associate (DCA) Practice Exams Set 13

Fill in the blank: Docker Content Trust provides the ability to use __________ for verifying integrity and the publisher of all the data received from a registry over any channel.


Options are :

  • end to end encryption
  • digital signatures (Correct)
  • symmetric key encryption
  • a container

Answer :digital signatures

Bob wants to test an untrusted docker image which has a bug due to which it starts consuming memory rapidly which causes other programs on the system to run out of memory and crash. Bob wants to run the container and limit the max memory it can to be 512MB. Which of the following can bob use while running a container to deal with this problem?


Options are :

  • docker run --limit 512m
  • docker run --limit 512
  • docker run -m 512m (Correct)
  • docker run -m 512

Answer :docker run -m 512m

Which of the following is NOT a good security practice?


Options are :

  • Pull image by hash in order to uniquely identify an image and to ensure it’s integrity
  • Use a stripped down base image
  • Execute the process as a user with limited privileges.
  • Use --privileged flag while running containers to ensure more security (Correct)

Answer :Use --privileged flag while running containers to ensure more security

Docker Certified Associate (DCA) Practice Tests Set 9

Which of the following is true about --privileged mode while running docker container?


Options are :

  • It enables all kernel capabilities for the container (Correct)
  • It increases security of a container
  • It increases the isolation of processes running inside container
  • It disables privilege escalation

Answer :It enables all kernel capabilities for the container

Which of the follow is true about MTLS?


Options are :

  • MTLS ensures that client can authenticate the identity of the server
  • MTLS ensures that both client and server authenticate each other’s identities (Correct)
  • MTLS ensures that server can authenticate the identity of the client
  • MTLS is used by Docker registry for safe transmission of images

Answer :MTLS ensures that both client and server authenticate each other’s identities

What is the recommended way of dealing with loss of root in in DCT?


Options are :

  • Regenerate a new root key
  • Sign existing user certs with a new root key
  • Contact docker support. (Correct)
  • Create a new DCT cluster

Answer :Contact docker support.

Docker Certified Associate (DCA) Practice Exams Set 18

Fill in the blanks A client bundle is a group of ______ downloadable directly from the Docker Universal Control Plane (UCP) user interface. It allows you to authorize a remote Docker engine to a specific user account managed in Docker EE.


Options are :

  • containers
  • images
  • binaries
  • certificates (Correct)

Answer :certificates

Pick ALL storage drivers from the list below which operate at block level? overlay2, aufs, btrfs, zfs, devicemapper


Options are :

  • overlay, aufs, zfs
  • aufs, btrfs, zfs
  • devicemapper, btrfs, zfs (Correct)
  • aufs, btrfs, zfs, overlay

Answer :devicemapper, btrfs, zfs

Which of the following commands can be used to check the storage driver which we are using?


Options are :

  • docker node inspect
  • docker system events
  • docker plugin inspect
  • docker info (Correct)

Answer :docker info

Docker Certified Associate 2020 - Practice Exams - NEW Set 3

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions