Docker Certified Associate (DCA) Practice Tests Set 4

Which of the following options contribute directly to Docker security? (select all that apply)


Options are :

  • Seccomp (Correct)
  • Garbage Collection (Correct)
  • Control groups
  • Namespaces (Correct)

Answer :Seccomp Garbage Collection Namespaces

Docker Certified Associate (DCA) Practice Exams Set 20

Each time a new node joins the swarm, the manager issues a certificate to the node. True or False?


Options are :

  • TRUE (Correct)
  • FALSE

Answer :TRUE

Which of the following is not a valid role in UCP?


Options are :

  • Executor (Correct)
  • None
  • Restricted Control
  • View Only

Answer :Executor

Which of the following options can you use for publishing and managing trusted collections of content?


Options are :

  • Notary tool
  • DISA
  • docker trust command (Correct)
  • docker secure command

Answer :docker trust command

Docker Certified Associate (DCA) Practice Exams Set 22

Which flags of docker swarm update command enable and/or disable autolock on an existing swarm? (select two)


Options are :

  • --autolock=enable
  • --autolock=false (Correct)
  • --autolock=disable
  • --autolock=true (Correct)

Answer :--autolock=false --autolock=true

What security needs does mutual Transport Layer Security (MTLS) satisfy in a swarm? (select all that apply)


Options are :

  • encrypt communication within the cluster (Correct)
  • authentication (Correct)
  • auditing
  • authorization (Correct)

Answer :encrypt communication within the cluster authentication authorization

What is the main difference between UCP workers and managers?


Options are :

  • Ucp-agent service automatically starts serving UCP components and proxy service only on worker node.
  • Ucp-agent service automatically starts serving all UCP components in manager node and only proxy service in worker node. (Correct)
  • Ucp-agent service automatically starts serving UCP components and proxy service only on manger node.
  • Ucp-agent service automatically starts serving UCP components in worker node, and only a proxy service in manager node.

Answer :Ucp-agent service automatically starts serving all UCP components in manager node and only proxy service in worker node.

Docker Certified Associate (DCA) Practice Exams Set 15

Which of the following could not represent a subject in the RBAC model?


Options are :

  • team
  • organization
  • user
  • root (Correct)

Answer :root

What Docker EE feature allows a user to always go back to the specific tag and trust it has not changed.


Options are :

  • Image Mirroring
  • Image Immutability (Correct)
  • There no feature like this.
  • Image Promotion Policy

Answer :Image Immutability

The core component of UCP that is a globally-scheduled service is called?


Options are :

  • ucp-agent (Correct)
  • ha-agent
  • ucp-manager
  • ucp-daemon

Answer :ucp-agent

Docker Certified Associate (DCA) Practice Tests Set 11

What does the following error indicate?

x509: certificate signed by unknown authority


Options are :

  • User is running a docker command on UCP node without client certificate. (Correct)
  • User is running a docker swarm command on manager without client certificate.
  • User is not registered on docker hub.
  • User have entered incorrect captcha.

Answer :User is running a docker command on UCP node without client certificate.

You want to enable The Docker Security Scan process. But you are unable to do so. What could be the reason?


Options are :

  • All answers are valid. (Correct)
  • Security Scanning in not enabled in DTR.
  • You are using Docker Community Edition.
  • You do not have the authority to download the security scanning licence for DTR.

Answer :All answers are valid.

Which of the following is not valid team permission in Docker Trusted Registry?


Options are :

  • Read only
  • Manager (Correct)
  • Read & Write
  • Admin

Answer :Manager

Docker Certified Associate (DCA) Practice Tests Set 2

Which of the following is not a valid entity in the grant permission model in UCP?


Options are :

  • resource sets
  • role
  • certificates (Correct)
  • subject

Answer :certificates

What is the default period after which a node certificate expires in UCP?


Options are :

  • None of the answers is correct
  • 1 year
  • 90 days (Correct)
  • 24 hours

Answer :90 days

Where can you configure the option to integrate Docker with LDAP?


Options are :

  • Docker Trusted Registry
  • Docker Compose
  • Universal Control Plane (Correct)
  • Docker Machine

Answer :Universal Control Plane

Docker Certified Associate (DCA) Practice Exams Set 27

Which of the following components can you use to create users and teams?


Options are :

  • Docker Compose
  • Docker Machine
  • Docker Trusted Registry
  • Universal Control Plane (Correct)

Answer :Universal Control Plane

A service 'wordpress' is running using a password string to connect to a non-dockerized database service. The password string is passed into the 'wordpress' service as a docker secret. Per security policy, the password on the database was changed. Identify the correct sequence of steps to rotate the secret from the old password to the new password.


Options are :

  • Create a new docker secret with the new password. Remove the existing service using 'docker service rm'. Start a new service with the new secret using "--secret="
  • Create a new docker secret with the new password. Trigger a rolling secret update by using the 'docker secret update' command.
  • Trigger an update to the service by using 'docker service update --secret='
  • Create a new docker secret with the new password. Trigger a rolling update of the "wordpress" service, by using "-- secret-rm" & "--secret-add" to remove the old secret and add the updated secret. (Correct)

Answer :Create a new docker secret with the new password. Trigger a rolling update of the "wordpress" service, by using "-- secret-rm" & "--secret-add" to remove the old secret and add the updated secret.

When initializing a swarm, what command can you use to specify your own externally-generated root Certificate Authority?


Options are :

  • docker swarm init --external-cert
  • docker swarm init --external-ca (Correct)
  • docker int swarm --external-ca
  • docker int swarm --external-cert

Answer :docker swarm init --external-ca

Docker Certified Associate (DCA) Practice Exams Set 13

Which of the following options is best to enable developers to read logs?


Options are :

  • Allow access only via docker logs.
  • Enable centralized and remote logging using syslog. (Correct)
  • Grant them SSH access to the host server to read the logs directly.
  • None of the answers is correct.

Answer :Enable centralized and remote logging using syslog.

What happens if you create a Dockerfile and you donít specify a USER directive?


Options are :

  • Docker daemon will create a user with the minimum privileadge required to run the container
  • You will get an error at build time.
  • By default, the user inside the container created from this Dockerfile is root. (Correct)
  • None of the answers is correct.

Answer :By default, the user inside the container created from this Dockerfile is root.

You can have a hybrid composition of users backed by an LDAP/AD group plus users set-up manually. True or False?


Options are :

  • TRUE
  • FALSE (Correct)

Answer :FALSE

Docker Certified Associate (DCA) Practice Exams Set 21

Docker security scan process can be started by all users including those with read-only access. True or false?


Options are :

  • FALSE (Correct)
  • TRUE

Answer :FALSE

You need control of a sound device on the host server from a container. What command should you use?


Options are :

  • None of the answers is correct.
  • docker run --cap-add=/dev/snd
  • docker run --device=/dev/snd:/dev/snd (Correct)
  • docker run --privileged

Answer :docker run --device=/dev/snd:/dev/snd

What is the purpose of a ConfigMap in Kubernetes?


Options are :

  • To decouple environment-specific configuration from your application. (Correct)
  • None of the answers is true.
  • To keep all configurations in one place.
  • To store confidential data in key-value pairs.

Answer :To decouple environment-specific configuration from your application.

Docker and Containers: Commands Set 3

What is the purpose of docker inspect command?


Options are :

  • To inspect changes to files or directories on a container's filesystem
  • To display system-wide information
  • To return low-level information on Docker objects (Correct)
  • To manage Docker configs

Answer :To return low-level information on Docker objects

When Docker is running in swarm mode, you can still run standalone containers on any of the Docker hosts participating in the swarm.


Options are :

  • FALSE
  • TRUE (Correct)

Answer :TRUE

In which of the following cases you need to define a readiness probe on a Kubernetes Pod template definition? (Select all that apply)


Options are :

  • If you want to start sending traffic to a Pod only when a probe succeeds. (Correct)
  • If you want to be able to drain requests when the Pod is deleted.
  • If your Container needs to work on loading large data during startup. (Correct)
  • If you want your Container to be able to take itself down for maintenance. (Correct)

Answer :If you want to start sending traffic to a Pod only when a probe succeeds. If your Container needs to work on loading large data during startup. If you want your Container to be able to take itself down for maintenance.

Docker Certified Associate (DCA) Practice Tests Set 4

Which of the following scenarios would still allow the quorum to administrate tasks in a swarm cluster? (Choose two)


Options are :

  • A 4-node cluster with 2 nodes down.
  • A 3-node cluster with 1 node down. (Correct)
  • A 3-node cluster with 2 nodes down
  • A 7-node cluster with 3 nodes down. (Correct)

Answer :A 3-node cluster with 1 node down. A 7-node cluster with 3 nodes down.

What docker command can you use to add a placement preference to an existing service?


Options are :

  • docker service update --placement-constraint-add
  • docker service update --pref-add
  • docker service update --constraint-add
  • docker service update --placement-pref-add (Correct)

Answer :docker service update --placement-pref-add

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions