Docker Certified Associate (DCA) Practice Tests Set 3

Which of the following statements describe what the ENV directive does?


Options are :

  • It sets environment variables that are only visible at the container runtime.
  • It sets environment variables that are only visible during later build steps
  • It sets environment variables that are made available in subsequent build steps and to containers at the runtime. (Correct)
  • It sets an environment variable on the host while the container is running

Answer :It sets environment variables that are made available in subsequent build steps and to containers at the runtime.

Docker Certified Associate (DCA) Practice Exams Set 5

From a DevOps perspective, it is good practice to keep changes of an application in a version control system. Which of the following will allow changes to a docker image to be maintained in a version control system?


Options are :

  • A docker-compose.yaml file
  • A docker file (Correct)
  • docker commit
  • docker save

Answer :A docker file

Which statement is true?


Options are :

  • ENTRYPOINT cannot be overridden in the "docker container run" command
  • ENTRYPOINT should be defined when using the container as an executable. (Correct)
  • ENTRYPOINT cannot be used in conjunction with CMD
  • CMD cannot be overridden in the "docker container run" command

Answer :ENTRYPOINT should be defined when using the container as an executable.

Environment variables set in a Dockerfile using ENV are persisted when a container is run from the resulting image. True or False.


Options are :

  • FALSE
  • TRUE (Correct)

Answer :TRUE

Docker Certified Associate (DCA) Practice Test Set 1

Which of the following flags can you use to specify a repository and a tag for saving the image after the build is done?


Options are :

  • -p
  • -m
  • -f
  • -t (Correct)

Answer :-t

Which of the following statements are true about Dockerfile instructions? (Choose two)


Options are :

  • COPY supports regular expression handling while ADD does not.
  • ADD supports remote URL handling while COPY does not. (Correct)
  • ADD supports regular expression handling while COPY does not.
  • COPY supports compression format handling while ADD does not.
  • ADD supports compression format handling while COPY does not. (Correct)

Answer :ADD supports remote URL handling while COPY does not. ADD supports compression format handling while COPY does not.

What should you do in the event that a cluster CA key or a manager node is compromised?


Options are :

  • Generate the swarm root CA
  • Remove the node
  • Remove the swarm root CA
  • Rotate the swarm root CA (Correct)

Answer :Rotate the swarm root CA

Docker Certified Associate (DCA) Practice Exams Set 11

Collections are groupings of objects within UCP. Which of the following is not a valid object for a collection?


Options are :

  • configs
  • nodes
  • containers
  • firewall rules (Correct)
  • stacks

Answer :firewall rules

What Docker feature allows you to restrict the syscalls available to a given process?


Options are :

  • mnt
  • UnionFS
  • Seccomp (Correct)
  • Cgroups

Answer :Seccomp

Which of the following commands can you use to enable autolock on an existing swarm cluster?


Options are :

  • docker swarm update --autolock=true (Correct)
  • docker swarm --set-autolock=true
  • docker swarm autolock
  • docker swarm update --autolock-swarm=true

Answer :docker swarm update --autolock=true

Docker Certified Associate (DCA) Practice Tests Set 5

Are scan results of Docker security available in both UCP and DTR?


Options are :

  • FALSE (Correct)
  • TRUE

Answer :FALSE

Which of the following should be stored in a Secret file instead of Dockerfile or application's source code? (select all that apply)


Options are :

  • Usernames and passwords (Correct)
  • Generic strings or binary content (up to 500 kb in size) (Correct)
  • Application metadata
  • Tags
  • Other important data such as the name of a database or internal server (Correct)

Answer :Usernames and passwords; Generic strings or binary content (up to 500 kb in size); Other important data such as the name of a database or internal server

Which of the following are the two types of UCP client bundles?


Options are :

  • Docker CLI bundles and Docker web UI bundles.
  • Admin user certificate bundles and user certificate bundles. (Correct)
  • Docker UCP Client bundles and DTR client bundles.
  • Ops client bundles and dev client bundles.

Answer :Admin user certificate bundles and user certificate bundles.

Docker Certified Associate (DCA) Practice Exams Set 17

Following the principle of least privilege, which of the following methods can you use to securely grant access to a specific user to communicate to a Docker engine?


Options are :

  • Utilize the '--host 0.0.0.0:2375' option to the Docker daemon to listen on port 2375 over TCP on all interfaces.
  • Utilize the '--host 127.0.0.1:2375' option to the Docker daemon to listen on port 2375 over TCP on localhost
  • Utilize openssl to create TLS client and server certificates, configuring the Docker engine to use with mutual TLS over TCP. (Correct)
  • Give the user root access to the server to allow them to run Docker commands as root.

Answer :Utilize openssl to create TLS client and server certificates, configuring the Docker engine to use with mutual TLS over TCP.

Which of the following commands can be used to reduce the attack surface of a container?


Options are :

  • --cap-drop (Correct)
  • --cap-add=ALL
  • None of the answers is correct.
  • --cap-add

Answer :--cap-drop

What is the purpose of Docker Content Trust?


Options are :

  • Signing and verification of image tags (Correct)
  • Indicating an image on Docker Hub is an official image
  • Docker registry TLS verification and encryption
  • Enabling mutual TLS between the Docker client and server

Answer :Signing and verification of image tags

Docker Certified Associate 2020 - Practice Exams - NEW Set 7

Which of the following are available security features of Docker Engine? (select all that apply)


Options are :

  • You can configure secure computing mode (Seccomp) policies to secure system calls in a container (Correct)
  • You can use certificate-based client-server authentication to verify a Docker daemon has the rights to access images on a registry (Correct)
  • You can configure Docker's trust features so that your users can push and pull trusted images (Correct)
  • You can protect the Docker daemon socket and ensure only trusted Docker client connections (Correct)

Answer :You can configure secure computing mode (Seccomp) policies to secure system calls in a container; You can use certificate-based client-server authentication to verify a Docker daemon has the rights to access images on a registry; You can configure Docker's trust features so that your users can push and pull trusted images; You can protect the Docker daemon socket and ensure only trusted Docker client connections

You want to prevent Docker Swarm encryption keys from being stored insecurely on swarm managers. How can you enforce a lock on the swarm cluster?


Options are :

  • You can use the --autolock=true flag with the docker swarm update command. (Correct)
  • You can't do it because Docker does not offer this functionality.
  • You can find the critical files after the installation and delete them.
  • The autolock feature must be turned on when the cluster is initialized and cannot be enabled after the fact.

Answer :You can use the --autolock=true flag with the docker swarm update command.

It's possible to set a secure certificate that is valid for multiple URLs. True or False?


Options are :

  • FALSE
  • TRUE (Correct)

Answer :TRUE

Docker and Containers: Commands Set 1

Which of the following cases requires you to change the docker image layer entirely?


Options are :

  • File under ADD layer has bad Hex objects.
  • All of the above
  • Command under CMD layer creates permission conflicts.
  • Components of base image have critical vulnerabilities. (Correct)

Answer :Components of base image have critical vulnerabilities.

A team of developers needs root access to a node. What's the proper way to handle the situation?


Options are :

  • None of the answers is correct
  • Give root access only for a short period of time
  • Use RBAC Labels to give access to objects like images and running containers (Correct)
  • Give root access only to users from an existing LDAP/AD infrastructure

Answer :Use RBAC Labels to give access to objects like images and running containers

What is the purpose of client bundles in the Universal Control Plane?


Options are :

  • Provide a new user instructions for how to log in to the Universal Control Plane
  • Authenticate a user using client certificates to the Universal Control Plane (Correct)
  • Provide a user with a Docker client binary compatible with the Universal Control Plane
  • Group multiple users in a team in the Universal Control Plane

Answer :Authenticate a user using client certificates to the Universal Control Plane

Docker Certified Associate (DCA) Practice Exams Set 2

Which of the following makes it possible to use a registry that is not configured with TLS certificates from a trusted CA?


Options are :

  • Pass the '--engine-insecure-registry' flag to the daemon when started. (Correct)
  • Set INSECURE_REGISTRY in the '/etc/docker/default' configuration file.
  • Set IGNORE_TLS in the 'daemon.json' configuration file.
  • Set and export the IGNORE_TLS environment variable on the command line.

Answer :Pass the '--engine-insecure-registry' flag to the daemon when started.

In what form can UCP provide authorized client certificates?


Options are :

  • As pop-up dialog box with a token
  • As a token
  • As a QR code
  • As a Client Bundle (zip file) (Correct)

Answer :As a Client Bundle (zip file)

When using the RBAC model, you want to control access to swarm resources by using collections. Which of the following will enable you to do that?


Options are :

  • Docker configs
  • None of the above.
  • Docker labels (Correct)
  • Docker secrets

Answer :Docker labels

Docker Certified Associate (DCA) Practice Tests Set 1

You can configure DTR to use your own TLS certificates, so that it is automatically trusted by your users' browser and client tools?


Options are :

  • FALSE
  • TRUE (Correct)

Answer :TRUE

To get UCP traffic secured in Docker Swarm mode you need to generate certs externally or set up any CAs manually. True or False?


Options are :

  • TRUE
  • FALSE (Correct)

Answer :FALSE

When doing operations with a remote Docker registry, what Docker feature allows you to enforce client-side signing and verification of image tags?


Options are :

  • Docker Certificate Checker
  • It is not possible to enforce client-side signing and verification of image tags.
  • Docker Signing Authority
  • Docker Content Trust (Correct)

Answer :Docker Content Trust

Docker Certified Associate (DCA) Practice Exams Set 4

Which of the following is not an available feature after scanning a Docker image?


Options are :

  • Remove Vulnerability (Correct)
  • Layers affected
  • A link to CVE database
  • Severity

Answer :Remove Vulnerability

Which of the following statements is true about secrets?


Options are :

  • Secrets are stored unencrypted on manager nodes
  • Secrets can be created from any node in the cluster
  • Secrets can be created using standard input (STDIN) and a file (Correct)
  • Secrets can be modified after they are created

Answer :Secrets can be created using standard input (STDIN) and a file
