What are the primary objects that Docker engine manages? - RunC - LibContainer - Images, Containers, Volumes, Networks

- Images, Containers, Volumes, Networks

DCA Flashcards by Jonathan Marshall

What are the components of Docker Engine?

REST API, Docker Daemon
Images, Containers, Volumes
Docker CLI, Docker Daemon, REST API

Docker CLI, Docker Daemon, REST API

How well did you know this?

Not at all

Perfectly

What component of the docker engine manages the images, containers, volumes, and networks on a host?

REST API
Docker Daemon
Docker CLI

Docker Daemon

How well did you know this?

Not at all

Perfectly

What component of the Docker architecture is responsible for managing containers on Linux on version 1.15 of Docker Engine?

LibContainer
Docker API
LXC

LibContainer

How well did you know this?

Not at all

Perfectly

We can run containers without installing Docker?

True
False

True

How well did you know this?

Not at all

Perfectly

Which component is responsible for keeping the containers alive when the Docker Daemon goes down?

LibContainer
Runc
Containerd
Containerd-Shim

Containerd-Shim

How well did you know this?

Not at all

Perfectly

What are the primary objects that Docker engine manages?

RunC
LibContainer
Images, Containers, Volumes, Networks

Images, Containers, Volumes, Networks

How well did you know this?

Not at all

Perfectly

By default, data stored inside the container is always persistent?

True
False

False

How well did you know this?

Not at all

Perfectly

By default, Docker is configured to look for images on Google Cloud Registry?

True
False

False

How well did you know this?

Not at all

Perfectly

Which component is a read-only template used for creating a Docker container?

Docker Network
Docker Images
Container
Docker volume

Docker Images

How well did you know this?

Not at all

Perfectly

What is the default data directory for Docker?

/var/lib/docker
/var/log/docker
/etc/docker
/home/docker

/var/lib/docker

How well did you know this?

Not at all

Perfectly

What does OCI stand for?

Open Communication Initiative
Open Container Initiative
Open Command Interface
Open Container Interface

Open Container Initiative

How well did you know this?

Not at all

Perfectly

What are the 2 specifications from OCI?

container-spec
runtime-spec
image-spec
oci-spec
libcontainer-spec

runtime-spec

- image-spec

How well did you know this?

Not at all

Perfectly

What is the command to view the version of docker engine installed?

docker –version
docker version
docker engine info
docker info engine

docker version

How well did you know this?

Not at all

Perfectly

What is the command to start docker daemon manually?

docker
dockerd
docker-engine
docker –start-engine

dockerd

How well did you know this?

Not at all

Perfectly

On what interfaces are the docker daemon made available by default?

TCP socket
UDP socket
Unix socket
192.168.1.10

Unix Socket

How well did you know this?

Not at all

Perfectly

What is the port conventionally used to configure un-encrypted traffic on TCP?

2345
2346
2375
2376

2375

How well did you know this?

Not at all

Perfectly

What file is used to configure the docker daemon?

/var/lib/docker/docker.conf
/var/lib/docker/daemon.json
/etc/docker/daemon.json
/etc/docker/daemon.conf

/etc/docker/daemon.json

How well did you know this?

Not at all

Perfectly

What flags are used to configure encryption on docker daemon?

tlsverify, tlscert, tlskey
tlsverify, key, cert
key, cert, tls
host, key, cert, tls

tlsverify, tlscert, tlskey

How well did you know this?

Not at all

Perfectly

What is the default network driver used when a container is created?

overlay
bridge
none
host

bridge

How well did you know this?

Not at all

Perfectly

What is the command used to list the running containers on the Docker Host?

docker container ls
docker container start
docker container stop
None of the above

docker container ls

How well did you know this?

Not at all

Perfectly

Which of the below commands create a container with nginx image and name nginx?

docker container create nginx –name nginx
docker container –name nginx nginx
docker container run nginx
docker container create –name nginx nginx

docker container create –name nginx nginx

How well did you know this?

Not at all

Perfectly

How to list all running and stopped containers and their status?

docker container ls
docker container ls -a
docker container ls -aq
docker container ls -q

docker container ls -a

How well did you know this?

Not at all

Perfectly

How to start a stopped Container?

docker container start nginx

How well did you know this?

Not at all

Perfectly

How do I get only the IDs of running containers?

docker container ls -q

How well did you know this?

Not at all

Perfectly

What is the option used in docker run command to attach to the terminal of the container in an interactive mode?

-it

What is the command to change the container name “httpd” to “webapp”? - docker container rename httpd webapp - docker container rename webapp httpd - docker container replace --name httpd webapp - docker container create --name webapp httpd

docker container rename httpd webapp

What is the command to run a “nginx” container in a detached mode with name “webapp”? - docker container run -it --name webapp nginx - docker container run -it --name nginx webapp - docker container run -d --name webapp nginx - docker container run -d --name nginx webapp

docker container run -d --name webapp nginx

You cannot start a killed container? - True - False

False

Delete the stopped container named “webapp”. - docker container delete webapp - docker container remove webapp - docker container kill webapp - docker container rm webapp

docker container rm webapp

Run a container called webapp with image nginx, and in an interactive mode. - docker container run -it nginx - docker container run -it nginx --name webapp - docker container run nginx - docker container run -it --name webapp nginx

- docker container run -it --name webapp nginx

Which combination of keys are used to escape from the shell and keep the container webapp running? - Ctrl + c - Ctrl+p+q - exit, Ctrl+p+q - Ctrl+c,exit

Ctrl+p+q

Which combination of keys are used to exit from the shell and stop the container webapp? - Ctrl+c - Ctrl+p+q - Ctrl+p - Ctrl+z

Ctrl+c

You have a running container and want to execute a command inside it. Which command will you use? - execute - run - start - exec

exec

We deployed a container called webapp. Inspect this container to get the IPPrefixLen - docker container inspect webapp | grep IPPrefixLen - docker container top webapp | grep IPPrefixLen - docker container run webapp | grep IPPrefixLen - docker container logs webapp | grep IPPrefixLen

docker container inspect webapp | grep IPPrefixLen

We have deployed some containers. What command is used to get the container with the highest memory? - docker container stats - docker container status - docker container top - docker container ls

docker container stats

How to display the running processes inside the container? - docker container top container-name - docker container stats container-name - docker ps container-name - docker container logs container-name

docker container top container-name

You have a webapp container and image httpd. Inspect the logs of the webapp container. Which command is used to get the stream logs of the webapp container so that you can view the logs live?

docker container logs -f webapp

Which command returns only new and/or live events? - docker system info - docker container events - docker container events -f - docker system events

docker system events

Which command returns events since the paste 30 minutes? - docker system events since 30m - docker system events --since 30m - docker container events --since 30m - docker container events since 30m

docker system events --since 30m

Which command is used to get the events of the container named "webapp"? (This one is for you to read the documentation) - docker system events since 10m - docker system events --filter 'container=webapp' - docker system events --filter 'image=webapp'

docker system events --filter 'container=webapp'

Run a container named webapp with nginx image in detached mode. Select the right answer. - docker container run --detach --name=webapp nginx - docker container run --detach --name=nginx webapp - docker container create -d --name=nginx webapp - docker container create -d nginx

docker container run --detach --name=webapp nginx

Stop the container named "nginx" - docker container halt nginx - docker container stop nginx - docker container rm nginx - docker container pause nginx

docker stop container nginx

How do you list running & stopped containers? - docker container ls -a - docker container ls -q - docker container ls - docker container ls -q, docker container ls

docker container ls -a

Delete the "webapp" Container. Select the right answer. - docker container delete webapp - docker container remove webapp - docker container kill webapp - docker container rm webapp

docker container rm webapp

Stop all running containers on the host. Select the right answer. - docker container stop $(docker container ls -a) - docker container rm $(docker container ls -q) - docker container stop $(docker container ls -q) - docker container stop --all

docker container stop $(docker container ls -q)

Delete all running and stopped containers on the host. (Explore the documentation to identify an option to force remove running containers) - docker container stop $(docker container ls -q) - docker container rm $(docker container ls -q) - docker container stop $(docker container ps -q) - docker container rm -f $(docker container ls -aq)

docker container rm -f $(docker container ls -aq)

Which command is used to delete the stopped containers? - docker container remove $(docker container ls -aq) - docker container rm $(docker container ls -aq) - docker container prune - docker container rm --all

docker container prune

What is the command to pause a running container? - docker container pause - docker container --pause - docker container halt - docker container SIGSTOP

docker container pause

What are the signals sent to a running container when the docker container stop command is executed? - SIGSTOP followed by SIGKILL - SIGTERM followed by SIGKILL - SIGKILL followed by SIGTERM - SIGKILL followed by SIGSTOP

SIGTERM followed by SIGKILL

Run a container with image nignx, name nginx and hostname webapp. - docker container run -d --name webapp --hostname=webapp nginx - docker container run -d --name nginx webapp - docker container run -d --name nginx --hostname=webapp nginx - docker container run -d --name webapp nginx

docker container run -d --name nginx --hostname=webapp nginx

What is the hostname set on the container when the following command is run: docker container run -d --name webapp httpd - webapp - apache - httpd - containers unique id

containers unique id

What is the default restart policy? - unless-stopped - on-failure - no - always

Which policy would restart the containers even after the docker daemon is restarted? - unless-stopped - on-failure - always - always, unless-stopped

always

Which policy is used to restart a container unless it is explicitly stopped or Docker is restarted? - unless-stopped - on-failure - no - always

unless-stopped

Which command can be used to check the restart policy of webapp container? - docker container inspect webapp - docker container info webapp - docker container check webapp - None of above

docker container inspect webapp

Restart container unless it is explicitly stopped or Docker is restarted. - unless-stopped - on-failure - no - always

unless-stopped

Which command should be used to update the httpd container with the always policy? - docker container update --restart always httpd - docker container unpause --restart always httpd - docker container upgrade --restart always httpd

docker container update --restart always httpd

Which command should be used to update all the running containers with unless-stopped policy? - docker container upgrade --restart unless-stopped $(docker container ls -q) - docker container update --restart unless-stopped $(docker container ls -q) - docker container upgrade --restart unless-stopped $(docker container ls -aq) - docker container update --restart unless-stopped $(docker container ls -aq)

docker container update --restart unless-stopped $(docker container ls -q)

Which option is used to reduce container downtime due to daemon crashes, planned outages, or upgrades? - Restart Policy - Swarm - LIve Rest

Live Restore

What is the path file which is used to add the live restore? - /etc/docker/daemon.json - /var/lib/docker/daemon.json - /var/log/docker/daemon.json - /var/lib/docker

/etc/docker/daemon.json

How to enable the live restore setting to keep containers alive when the daemon becomes unavailable? - echo '{"live-restore": true}' >> /etc/docker/daemon.json - echo '{"live-restore": true}' >> /var/lib/docker/daemon.json - echo '{true: "live-restore"}' >> /etc/docker/daemon.json - echo '{true: "live-restore"}' >> /var/lib/docker/daemon.json

echo '{"live-restore": true}' >> /etc/docker/daemon.json

Which of the below commands may be used to copy a file /web.conf from a container named webapp with id 89683681 to the /tmp directory on the host? - docker container cp /tmp/web.conf webapp:/etc/web.conf - docker container cp webapp:/web.conf /webapp - docker container cp 89683681:/web.conf /tmp/ - docker container cp webapp:/web.conf /tmp/

docker container cp webapp:/web.conf /tmp/

Copy the /etc/nginx directory from the webapp container to the docker host under /tmp/. - docker container copy webapp:/etc/nginx /tmp/ - docker container cp webapp:/etc/nginx /tmp/ - docker container copy /tmp/ webapp:/etc/nginx - docker container cp /tmp/ webapp:/etc/nginx

docker container cp webapp:/etc/nginx /tmp/

What is the command to copy the file /root/myfile.txt from the host to /root/ of the webapp container? - docker container copy /root/myfile.txt webapp:/root/ - docker container cp /root/myfile.txt webapp:/root/ - docker container copy webapp:/root/ /root/myfile.txt - docker container cp webapp:/root/ /root/myfile.txt

docker container cp /root/myfile.txt webapp:/root/

We can copy a file from a stopped container? - True - False

True

Data inside a container is persistent? True False

False

You can run multiple instances of the same application on the docker host? True False

True

You can map the same port on the Docker host more than once?

False

Which option could be used to expose a webapp container to the outside world? - p - P - -publish - -expose

- p - P - -publish

Map TCP port 80 in the container to port 8080 on the Docker host for connections to host IP 192.168.1.10 . Select the all right answers - p 192.168.1.10:8080:80 - p 192.168.1.10:80:8080 - p 192.168.1.10:8080:80/tcp - p 192.168.1.10:8080:8080

-p 192.168.1.10:8080:80

Unless specified otherwise, docker publishes the exposed port on all network interfaces. - True - False

True

Map UDP port 80 in the container to port 8080 on the Docker host. -p 8080:80/udp -p 80:8080/udp -P 8080:80/udp None of the above

-p 8080:80/udp

How does the -P option in the docker container run command know what ports to publish on the container? - It identifies the ports listening inside the container using netstat command - It uses the ExposedPorts field set on the container or the EXPOSE instruction in the Dockerfile - It requires the –expose command line argument - It assigns random ports between 32768 and 61000

It uses the ExposedPorts field set on the container or the EXPOSE instruction in the Dockerfile

How does docker map a port on a container to a port on the host? - Using an internal load balancer - FirewallD Rules - Using an external load balancer - IPTables Rules

IPTables Rules

What IPTables chains does Docker modify to configure port mapping on a host? - INPUT - FORWARD - DOCKER - OUTPUT

DOCKER

How to check the logs of the docker daemon? - journalctl -u docker.service - less /var/log/messages - less /var/log/daemon.log - /var/log/docker.log

journalctl -u docker.service less /var/log/messages less /var/log/daemon.log /var/log/docker.log

Enable the debugging mode. Select the right answer - echo '{"debug": true}' > /etc/docker/daemon.json - echo '{"debug"}' > /etc/docker/daemon.json - echo '{"debug": true}' > /var/lib/docker/daemon.json - echo '{"debug"}' > /var/lib/docker/daemon.json

echo '{"debug": true}' > /etc/docker/daemon.json

How to check if the docker service is running or not? - docker status - sudo systemctl status docker - sudo systemctl docker status - sudo service status docker

sudo systemctl status docker

Which environment variable will be used to connect a remote docker server? - DOCKER_REMOTE - DOCKER_HOST - DOCKER_CONFIG None of the above

DOCKER_HOST

What may be the cause of this error: “unable to configure the Docker daemon with file /etc/docker/daemon.json: the following directives are specified both as a flag and in the configuration file: tls: (from flag: true, from file: false)”? The tls flag is set to true in daemon.json file and false in the command line The tls flag is set to false in daemon.json file and true in the command line The tls flag is not set on the command line The tls flag is not set in the daemon.json file

The tls flag is set to false in daemon.json file and true in the command line

What is the default logging driver? json-file syslog journald splunk

json-file

Where is the log of the webapp container with id 78373635 on the Docker Host? /var/lib/docker/containers/78373635/78373635.json /var/log/docker/78373635.json /etc/docker/78373635.json /var/lib/docker/tmp/78373635/78373635.json

/var/lib/docker/containers/78373635/78373635.json

Which command is used to check the default logging driver? docker system df docker system events docker system prune docker system info

docker system info

How to change the default logging driver to syslog? echo '{"log-driver": "syslog"}' > /etc/docker/daemon.json echo '{"syslog": "log-driver"}' > /etc/docker/daemon.json echo '{"log-driver": "syslog"}' > /var/lib/docker/daemon.json echo '{"syslog": "log-driver"}' > /var/lib/docker/daemon.json

echo '{"log-driver": "syslog"}' > /etc/docker/daemon.json

Run a webapp container, and make sure that no logs are configured for this container. docker run -it --log-driver none webapp docker run -it --logging-driver none webapp docker run -it webapp docker run -it --log none webapp

docker run -it --log-driver none webapp

Which of the below commands create a container with redis image and name redis? docker container create redis --name redis docker container --name redis redis docker container run redis docker container create --name redis redis

docker container create --name redis redis

We have deployed some containers. What command is used to get the container with the highest memory? docker container stats docker container status docker container top docker container ls

docker container stats

Run a container called apps with image nginx, and in an interactive mode. docker container run -it nginx docker container run -it nginx --name apps docker container run nginx docker container run -it --name apps nginx

docker container run -it --name apps nginx

You can run multiple instances of the same application on the docker host. True False

True

docker container create --name redis redis

Which command should be used to update the restart policy of the httpd container with always? docker container update --restart always httpd docker container unpause --restart always httpd docker container upgrade --restart always httpd None of the above

docker container update --restart always httpd

You can map multiple containers to the same port on the Docker host. True False

False

Which command is used to check the default logging driver? docker system df docker system events docker system prune docker system info

docker system info

What is the command to copy the file /root/myconfig.txt from the host to /root/ of the data container? docker container copy /root/myconfig.txt data:/root/ docker container cp /root/myconfig.txt data:/root/ docker container copy data:/root/ /root/myconfig.txt docker container cp data:/root/ /root/myconfig.txt

docker container cp /root/myconfig.txt data:/root/

Which command is used to update all running containers with the unless-stopped restart policy? docker container upgrade --restart unless-stopped $(docker container ls -q) docker container update --restart unless-stopped $(docker container ls -q) docker container upgrade --restart unless-stopped $(docker container ls -aq) docker container update --restart unless-stopped $(docker container ls -aq)

docker container update --restart unless-stopped $(docker container ls -aq)

What is the purpose of a private registry? tightly control where your images are being stored fully own your images distribution pipeline integrate image storage and distribution tightly into your in-house development workflow All of the above

All of the above

What is the default public registry for docker? Docker Hub Amazon Container Registry Google Container Registry Docker Trusted Registry

Docker Hub

What is the default tag if not specified when building an image with the name webapp? none default latest v1

latest

Run ubuntu container with the trusty tag. docker run ubuntu docker run ubuntu:latest docker run ubuntu:trusty docker run ubuntu -t trusty

docker run ubuntu:trusty

Select the right answer. Which command is used to list the local images? docker image ls docker images ls docker container image ls docker container images ls

docker image ls

List the full length image IDs. (Please explore documentation) docker image ls --digests docker images --digests docker images --no-trunc None of the above

docker images --no-trunc

Display images with a name containing postgres, at least 12 stars. docker find --filter=stars=12 postgres docker search --filter=stars=12 postgres docker find --limit=12 postgres docker search --limit=12 postgres

docker search --filter=stars=12 postgres

Download nginx image from the Google Container Registry hub registry. docker image pull nginx docker image build nginx docker image load nginx docker pull gcr.io/kodekloud/nginx

docker pull gcr.io/kodekloud/nginx

Display images with a name containing busybox, at least 3 stars and are official builds. docker find --filter is-official=true --filter stars=3 busybox docker search --filter is-official=true --filter stars=3 busybox docker find --filter is-official=true --limit=3 busybox docker search --filter is-official=true --limit=3 busybox

docker search --filter is-official=true --filter stars=3 busybox

What is the command to change the tag of "httpd:latest" to "httpd:v1" ? docker container image retag httpd:latest httpd:v1 docker container image tag httpd:latest httpd:v1 docker image retag httpd:latest httpd:v1 docker image tag httpd:latest httpd:v1

docker image tag httpd:latest httpd:v1

You have an nginx:v1 image with size 100M. You’ve now created your own version of the image – nginx:v2 by retagging the first image, what is the total size of both? 50M 100M 150M 200M

100M

Which command should be used to get the total size consumed by all images on a host? docker image list docker image df docker system df docker system list

docker system df

In the output of the "docker system df" command what does the ACTIVE field indicate on the images row? Number of Images currently available on the system Number of Images built on the system Number of Images with containers Number of containers running on the system

Number of Images with containers

What command might have generated the above output? docker container ps docker ps docker image ps docker image list

docker image list

Inspect the following output and answer the following questions: REPOSITORY TAG IMAGE ID CREATED SIZE nginx latest c39a868aad02 4 days ago 150MB redis latest 4760dc956b2d 2 years ago 100MB ubuntu trusty f975c5035748 2 years ago 100MB webapp latest c39a868aad02 4 days ago 150MB alpine latest 3fd9065eaf02 2 years ago 5MB What is the total space consumed by images on this system? 355 MB 505 MB 405 MB 455 MB

355 MB

When you run the docker image inspect ubuntu command it gives the error “No such image”. Why is that? Must run the command docker inspect ubuntu/ubuntu Image Ubuntu does not have the latest tag Must authenticate to docker hub first before running this command Must run the command docker image history ubuntu

Image Ubuntu does not have the latest tag

What is the user/account and image/repository name for the image company/nginx? image=company, user=nginx image=company, user=company image=nginx, user=nginx image=nginx, user=company

image=nginx, user=company

# Choose the right command to pull ubuntu image from a private registry at gcr.io docker pull ubuntu docker pull kk/ubuntu docker pull gcr.io/kk/ubuntu All of the above

docker pull gcr.io/kk/ubuntu

Which command is used to authenticate with azr.com registry which listens on port 5000? docker auth azr.com:5000 docker login azr.com:5000

docker login azr.com:5000

You are required to store a copy of the official alpine image in your company’s internal docker registry. What would be your approach? Create a Dockerfile similar to the official image and build an image Pull the official image, tag it with the address of the internal docker registry and push to the internal docker registry

Pull the official image, tag it with the address of the internal docker registry and push to the internal docker registry

When you log in to a registry, the command stores credentials in … (Please explore the documentation pages for this) $HOME/.docker/config.json /etc/docker/.docker/config.json /var/lib/docker/.docker/config.json /var/lib/docker/containers/.docker/config.json

$HOME/.docker/config.json

While trying to delete image postgres, you got an error “conflict: unable to remove repository reference “postgres” (must force) – container 1a56b95e073c is using its referenced image adf2b126dda8″. What may be the cause of this error? A container is using this image Must use force option to delete an image Another image is using layers from this image The image was built locally on this host

A container is using this image

Which command is used to remove webapp:v1 image locally? docker image rm webapp docker image rm webapp:v1 docker image remove webapp:v1 docker image del webapp:v1

docker image rm webapp:v1

Remove all unused images on the Docker host docker image prune -a docker image rm -a docker image delete -a None of the above

docker image prune -a

Display all layers of httpd image along with the size on each layer. docker image layers httpd docker image history httpd docker image inspect httpd docker images history httpd

docker image history httpd

Which command can be used to get the ExposedPorts of a webapp image? docker container ls docker image inspect webapp docker container inspect webapp docker image ls

docker image inspect webapp

How to get the Os field alone of the httpd image? docker image inspect httpd -f '{{.Os}}' docker image ls | grep Os docker image history | grep Os docker image inspect httpd -f '{{.OperatingSystem}}'

docker image inspect httpd -f '{{.Os}}'

Which subcommand will be used to get more info about images? inspect load import ls

inspect

Print the value of ‘Architecture’ and ‘Os’ for a 'webapp' image. docker image inspect webapp -f '{{.Os}}' -f '{{.Architecture}}' docker image inspect webapp -f '{{.Os}} {{.Architecture}}' docker image inspect webapp -f '{{.Os}}', -f '{{.Architecture}}' docker image inspect webapp -f '{{.Os .Architecture}}'

docker image inspect webapp -f '{{.Os}} {{.Architecture}}'

Which command can be used to get a backup of image webapp? docker image backup webapp -o webapp.tar docker image save webapp -o webapp.tar docker container save webapp -o webapp.tar docker container backup webapp -o webapp.tar

docker image save webapp -o webapp.tar

A tarfile – nginx.tar – has been created using the docker image save command. Which command can be used to extract it into your docker host. docker image import -i nginx.tar docker image restore -i nginx.tar docker container restore -i nginx.tar docker image load -i nginx.tar

docker image load -i nginx.tar

A government facility runs a secure data center with no internet connectivity. A new application requires access to docker images hosted on docker hub. What is the best approach to solve this? Get the Dockerfile of the image and build a local version from within the restricted environment. Establish a secure link between the host in the restricted environment and docker hub Pull docker images from a host with access to docker hub, convert to a tarball using docker image save command, and copy to the restricted environment and extract the tarball Pull docker images from a host with access to docker hub, then push to a registry hosted within the restricted environment.

Pull docker images from a host with access to docker hub, convert to a tarball using docker image save command, and copy to the restricted environment and extract the tarball

You have created a nginx container and customized it to create your own webpage. How can you create an image out of it to share with others? docker image save docker image export docker export You can only create an image using a Dockerfile

docker export

How do you restore an image created from the docker export command? docker container import docker image import docker image load docker image restore

docker image import

The “export” command works with Docker images. True False

False

Export webapp container’s filesystem as a tar archive. Select the right answer docker export webapp mywebapp.tar docker image export --output="mywebapp.tar" webapp docker image save -i mywebapp.tar docker container export webapp > mywebapp.tar

docker container export webapp > mywebapp.tar

Which of the following commands is used to list the docker images on the Docker Host? docker images docker image ls docker image get docker ls image

docker image

Which of the following commands used to match all images with the com.example.version label? docker images --label="com.example.version" docker images --filter "com.example.version" docker images --filter "label=com.example.version" docker images --format "label=com.example.version"

docker images --filter "label=com.example.version"

Which of the following is not an instruction supported in the Dockerfile? Select the all right answers. EXPOSE ADD WORKDIR EXEC

EXEC

The … is a text document that contains all the commands a user could call on the command line to assemble an image. Dockerfile Docker Compose .dockerignore build context

Dockerfile

Which method can be used to build an image using existing containers? docker commit docker export docker save docker load

docker export

The container being committed and its processes will be paused while the image is committed. True False

True

We have a running container named webapp with the nginx image. We added a custom html file to this container. How do we create an image named mynginx from this container? docker container commit webapp mynginx docker container commit mynginx webapp docker container update webapp mynginx None of the above

docker container commit webapp mynginx

The docker container commit is the recommended approach for building a custom image. True False

False

You are required to create an image from an existing image. What is the recommended approach? Use docker image export and docker image import command Use docker container export and docker container import command Use docker image save and docker image load command Use docker container commit command

Use docker image save and docker image load command

You are required to create an image from an existing container. What is the recommended approach? Use docker image export and docker image import command Use docker container export and docker container import command Use docker container commit command Use docker container export and docker image import command

Use docker container export and docker image import command

``` FROM python:3.6 RUN pip install flask COPY . /opt/ EXPOSE 8080 WORKDIR /opt ENTRYPOINT ["python", "app.py"] ``` What is the parent image from which this application is created? ubuntu:latest python centos:7 python:3.6

python:3.6

``` FROM python:3.6 RUN pip install flask COPY . /opt/ EXPOSE 8080 WORKDIR /opt ENTRYPOINT ["python", "app.py"] ``` To what location within the container is the application code copied to? /opt /app /root /var

/opt

``` FROM python:3.6 RUN pip install flask COPY . /opt/ EXPOSE 8080 WORKDIR /opt ENTRYPOINT ["python", "app.py"] ``` When a container is created using the image built with the following Dockerfile, what is the command used to RUN the application inside it. pip install flask docker run app.py app.py python app.py

python app.py

``` FROM python:3.6 RUN pip install flask COPY . /opt/ EXPOSE 8080 WORKDIR /opt ENTRYPOINT ["python", "app.py"] ``` What is the port of the web application configured for the service to listen within the container? 8080 5000 80 0.0.0.0

What is the port of the web application configured for the service to listen within the container? 8080 5000 80 0.0.0.0

Whenever a build is initiated by running the Docker build command, the files under the build context are transferred to the Docker daemon, at a temporary directory under the docker’s filesystem. Which directory are these files stored in? /var/lib/docker/tmp /var/lib/docker/image /var/lib/docker/volumes /var/lib/docker/plugins

/var/lib/docker/tmp

Which of the below commands may be used to build an image with the Dockerfile filename? docker build . docker build -f Dockerfile . docker build -t Dockerfile2 . docker build -t .

docker build . | docker build -f Dockerfile .

While building a docker image from code stored in a remote URL, which command will be used to build from a directory called docker in the branch dev? docker build https://github.com/kk/dca.git#dev:docker docker build https://github.com/kk/dca.git#docker:dev docker build https://github.com/kk/dca.git:dev docker build https://github.com/kk/dca.gitdev:#docker

docker build https://github.com/kk/dca.git#dev:docker

A build’s context is the set of files located in the specified PATH or URL, Which kind of resources can the URL parameter refer to ? Git repositories pre-packaged tarball contexts Path to a local directory

Git repositories | Path to a local directory

# Choose the correct flag to apply a tag to an image done. - i - p - f - t

-t

If you do not specify a tag name, you can’t build the image. True False

False

Build an image using a context build under path /tmp/docker and name it webapp. docker build /tmp/docker docker build /tmp/docker -t webapp docker build webapp -t /tmp/docker docker pull -it /tmp/docker bash

docker build /tmp/docker -t webapp

What is the default tag if not specified when building an image with the name webapp? none default latest v1

latest

What is the command to build an image using a Dockerfile.dev file under path /opt/myapp with the name webapp. The current directory you are in is /tmp. docker build Dockerfile.dev -t webapp /opt/myapp docker build -f /opt/myapp/Dockerfile.dev /opt/myapp -t webapp docker build -f Dockerfile.dev /opt/myapp -t webapp docker build -t Dockerfile.dev -name webapp -f /opt/myapp

docker build -f /opt/myapp/Dockerfile.dev /opt/myapp -t webapp

What is the file used to exclude temporary files such as log files or builds from the context during a build? .git .gitignore .dockerignore None of the above

.dockerignore

If the build fails at a particular stage, it repurposes the previous layers from the cache and does not really rebuild them. True False

True

What is a recommended approach for installing packages and libraries while building an image? Download packages on the host and use ADD instructions to add them to the image. Use the ADD instruction to provide a URL to the package on the remote host. Use the RUN instruction and have the apt-get update and apt-get install commands on the same instruction. Use the RUN instruction and have the apt-get update and apt-get install commands as separate instructions.

Use the RUN instruction and have the apt-get update and apt-get install commands on the same instruction.

Using RUN apt-get update && apt-get install -y ensures your Dockerfile installs the latest package versions with no further coding or manual intervention. This technique is known as ….. Docker-stack Cache busting Version pinning Build-context

Cache busting

What is a best practice while installing multiple packages as part of the install instruction? Add them on the same line Add them on separate lines separated by a slash in alphanumeric order Add a separate instruction for each package Add them on separate lines separated by a slash

Add them on separate lines separated by a slash in alphanumeric order

Which among the following scenarios will lead to docker invalidating cache on a given layer? Change in instruction Change in a file used with the ADD instruction Addition of a new instruction at the end of the file Release of a new version of a package installed with the RUN instruction

Change in instruction | Change in a file used with the ADD instruction

…… forces the build to install a particular version of package regardless of what’s in the cache. This technique can also reduce failures due to unanticipated changes in required packages. Docker-stack Cache busting Version pinning Build-context

version pinning

What is a recommended approach to reduce build time while building docker images? Instructions likely to change more often must be at the top of the Dockerfile Instructions likely to change more often must be at the bottom of the Dockerfile Instructions likely to change more often must be in the middle of the Dockerfile The order of the instructions within the Dockerfile doesn’t matter.

Instructions likely to change more often must be at the bottom of the Dockerfile

A Dockerfile is built from the Ubuntu image as the base image. What would happen to the cache when a new version of the Ubuntu image is made available at Dockerhub? Cache is invalidated and docker pulls the new image and recreates from scratch. Cache is not invalidated and docker continues to use existing cache.

The cache is not invalidated and docker continues to use the existing cache.

Which option can be used to disable the cache while building a docker image? (Explore the docker documentation for this) –no-cache=true –force-rm=true –cache-from true None of the above

–no-cache=true

COPY instruction only supports the basic copying of local files into the container. True False

True

What is the right instruction to download a file from "https://file.tar.xz" and copy to "/testdir" in the image? ADD https://file.tar.xz /testdir COPY https://file.tar.xz /testdir RUN https://file.tar.xz /testdir None of the above

ADD https://file.tar.xz /testdir

COPY instruction has some features like local-only tar extraction and remote URL support. True False

False

Which instruction(s) can be used in the Dockerfile to copy content from the local filesystem into the containers? ADD COPY MOVE RUN

ADD | COPY

Which of the following is the correct format for CMD instruction? CMD ["executable","param1","param2"] CMD ["param1","param2"] CMD command param1 param2 CMD command,param1,param2

CMD ["executable","param1","param2"] | CMD command param1 param2

If CMD is used to provide default arguments for the ENTRYPOINT instruction, both the CMD and ENTRYPOINT instructions should be specified. True False

True

When a user runs the command docker run my-custom-image sleep 1000 docker overrides the ENTRYPOINT instruction with "sleep 1000" docker overrides the CMD instruction with "sleep 1000" docker override ENTRYPOINT instruction with "sleep" and CMD instruction with "1000"

docker overrides the CMD instruction with "sleep 1000"

# Choose the correct instruction to add the echo "Hello World" command in the Dockerfile. CMD [echo "Hello World"] CMD ["echo", "Hello World"] CMD ["Hello World"] None of the above

CMD ["echo", "Hello World"]

What is the output of the following Dockerfile snippet when container runs as docker run -it < image> ? ENTRYPOINT ["/bin/echo", "Hello"] CMD ["world"] Hello world Hello world world Hello

Hello world

What is the output of the following Dockerfile snippet when container runs as docker run -it kk ? ENTRYPOINT ["/bin/echo", "Hello"] CMD ["World"] Hello kk Hello World kk kk Hello

Hello kk

f you list more than one CMD instruction in the Dockerfile then only the last CMD will take effect. True False

True

A parent image is an image that your image is based on. It refers to the contents of the FROM directive in the Dockerfile. True False

True

A parent image has FROM scratch in its Dockerfile. True False

False

While building an image, You have one base image, but there could be multiple parent images. True False

True

How do you identify if a Docker file is configured to use multi-stage builds? The Dockerfile has the tag multi-stage at the top The Dockerfile has multiple FROM instructions The Dockerfile has multiple RUN instructions The Dockerfile is built from the scratch image

The Dockerfile has multiple FROM instructions

The "--from=0" in the following Dockerfile instruction line refers to: "COPY --from=0 /go/src/github.com/alexellis/href-counter/app ." The base image specified in the FROM instruction of the first set of instructions. The base image specified in the FROM instruction of the second set of instructions. The image built using the first set of instructions in the Dockerfile. The image built using the last set of instructions in the Dockerfile

The image built using the first set of instructions in the Dockerfile.

By default, the stages are not named, and you refer to them by their integer number, starting with 1 for the first FROM instruction in the multi-stage build. True False

False

Name the stage which uses nginx as a base image to builder in the Dockerfile. FROM nginx FROM nginx AS builder The last image build FROM node AS builder

FROM nginx AS builder

What is the instruction used to copy a file from an external image named redis not part of any stage in the multi-stage build process. (Refer to the documentation for this one) –from=redis –from=0 –copy-from=redis –copy-from=0

–from=redis

You are developing an e-commerce application. The application must store cart details of users temporarily as long as the user’s session is active. What is the recommended approach to storing the cart details with the application deployed as a docker container? Store the cart details in the /tmp directory of the container Store the cart details in the memory of the container Store the cart details in a volume backed by a in-memory cache service like redis

Store the cart details in a volume backed by a in-memory cache service like redis

It’s recommended to avoid sending unwanted files to the build context by using .gitignore file to exclude those files. True False

False

An application you are developing requires an httpd server as frontend, a python application as the backend API server, a MongoDB database and a worker developed in Python. What is the recommended approach in building images for these containers? Build httpd, python API server, MongoDB database, and Python worker into a single image to allow ease of deployment Build httpd into an image, MongoDB database to another, and Python API and worker together into a single image Build separate images for each component of the application

Build separate images for each component of the application

Which of the below can help minimize the image size? Only install necessary packages within the image Avoid sending unwanted files to the build context using .dockerignore Combine multiple dependent instructions into a single one and clean up temporary files Move the instructions that are likely to change most frequently to the bottom of the Dockerfile Use multi-stage builds

- Only install necessary packages within the image - Combine multiple dependent instructions into a single one and clean up temporary files - Use multi-stage builds

Which is the recommended approach to install packages following the best practices in Dockerfile? RUN apt-get update && apt-get install -y git httpd RUN apt-get update && apt-get install -y \ git \ httpd RUN apt-get update \ RUN apt-get install -y git \ RUN apt-get install -y httpd

RUN apt-get update && apt-get install -y \ git \ httpd

Which of the below steps can help minimize the build time of images? Only install necessary packages within the image Avoid sending unwanted files to the build context using .dockerignore Combine multiple dependent instructions into a single one and clean up temporary files Move the instructions that are likely to change most frequently to the bottom of the Dockerfile Use multi-stage builds

- Avoid sending unwanted files to the build context using .dockerignore - Move the instructions that are likely to change most frequently to the bottom of the Dockerfile

Which of the following tag image will get when creating a redis container with image redis? docker run -itd --name redis redis none default v1 latest

latest

Which of the below statements are true: By default a container runs with 1 vCPU and 500 MB of memory By default a container runs with unlimited CPU and Memory resources By default a container runs with 0.5 vCPU and 500 MB of memory By default a container runs with unlimited vCPU and 500 MB of memory

By default a container runs with unlimited CPU and Memory resources

What will happen if the --memory-swap is set to -1? the container does not have access to swap. the setting is ignored, and the value is treated as unset. the container is allowed to use unlimited swap. None of the above

the container is allowed to use unlimited swap.

Each container gets a CPU share of …. assigned by default. 256 512 1024 2048

1024

What is a linux feature that prevents a process within the container to access raw sockets? Control Groups (CGroups) Namespaces Kernel Capabilities Network Namespaces

Kernel Capabilities

By default, all containers get the same share of CPU cycles. How to modify the shares? docker container run --cpu-shares=512 nginx docker container run --cpuset-cups=512 nginx docker container run --cpu-quota=512 nginx docker container run --cpus=512 nginx

docker container run --cpu-shares=512 nginx

``` Which command is used to list the default available networks? docker network --filter docker network get docker network ls None of the above ```

docker network ls

Which command is used to see the network settings and IP address assigned to a container with id c164825bb3d3 that uses the myapp image? docker inspect myapp docker container ls myapp docker container ls c164825bb3d3 docker inspect c164825bb3d3

docker inspect c164825bb3d3

What is the default network driver used on a container if you haven’t specified one? host bridge overlay Macvlan

bridge

Overlay networks connect multiple Docker daemons together and enable swarm services to communicate with each other. True False

True

If you use the …… network mode for a container, that container’s network stack is not isolated from the Docker host (the container shares the host’s networking namespace), and the container does not get its own IP-address allocated. host bridge overlay Macvlan

host

How to get the subnet, gateway of the network c0a0b59a3807? docker info c0a0b59a3807 docker container inspect c0a0b59a3807 docker network inspect c0a0b59a3807 docker inspect c0a0b59a3807

docker network inspect c0a0b59a3807

Which of the following commands would create a user-defined bridge network called my-net? docker network create my-net docker create network my-net docker network create -d bridge my-net docker network create --type bridge my-net docker network create --driver bridge my-net

docker network create my-net | docker network create --driver bridge my-net

What is the command to connect a running container with name myapp to the existing bridge network my-net? docker container connect myapp my-net docker container attach myapp my-net docker network connect my-net myapp docker network connect myapp my-net

docker network connect my-net myapp

What is the command to remove all unused networks? docker network create my-net docker network rm my-net docker network prune docker network rm --all

docker network prune

What is the command to remove the my-net network? docker network create my-net docker network rm my-net docker network connect my-net None of the above

docker network rm my-net

Which of the following commands would create a user-defined bridge network called dev-net? docker network create dev-net docker create network dev-net docker network create -d bridge dev-net docker network create --type bridge dev-net docker network create --driver bridge dev-net

docker network create dev-net docker network create -d bridge dev-net docker network create --driver bridge dev-net

What is the command to connect a running container with name myapp to the existing bridge network dev-net? docker container connect myapp dev-net docker container attach myapp dev-net docker network connect dev-net myapp docker network connect myapp dev-net

docker network connect dev-net myapp

What is the command to remove all unused networks from the Docker host? docker network create cisco-net docker network rm web-net docker network prune docker network rm –all

docker network prune

What is the command to delete the network named connector? docker network prune connector docker network rm connector docker network delete connector None of the above

docker network rm connector

What is the command to list all available networks? docker network ls docker network show docker network display docker get network

docker network ls

Which command is used to see the IP address and other network settings assigned to a container with id 33373b1ccc3f that uses the wordpress image? docker inspect wordpress docker container ls wordpress docker container ls 33373b1ccc3f docker inspect 33373b1ccc3f

docker inspect 33373b1ccc3f

What is the default network driver used on a container if you haven’t specified one? host bridge overlay All of the above

If you use the … network mode for a container, that container’s network stack is not isolated from the Docker host (the container shares the host’s networking namespace), and the container does not get its own IP-address allocated. bridge overlay host none

host

Which command is used to disconnect the my-net network from the redis container? docker network rm redis my-net docker network disconnect redis my-net docker network disconnect my-net redis docker network disconnect redis

docker network disconnect my-net redis

Which command is used to see the details of the subnet and gateway of network id ce982a9edf65? docker info ce982a9edf65 docker container inspect ce982a9edf65 docker show ce982a9edf65 docker network inspect ce982a9edf65

docker network inspect ce982a9edf65

By default, all files created inside a container are stored on a writable container layer. True False

True

Volumes are the preferred mechanism for persisting data generated by and used by Docker containers. True False

True

What is the command to remove unused volumes? docker container rm my-vol docker volume rm my-vol docker volume prune docker volume rm --all

docker volume prune

What is the command to create a volume with the name my-vol? docker volume create my-vol docker create volume my-vol docker volume prune docker volume rm all

docker volume create my-vol

What is the command to list volumes? docker volume ls docker volume prune docker volume get None of the above

docker volume ls

What is the command to get details of the volume my-vol such as the driver, mountpoint, volumename, ..etc? docker volume inspect my-vol docker volume fetch my-vol docker volume get my-vol docker volume ls my-vol

docker volume inspect my-vol

Which command is used to remove the my-vol volume? docker volume del my-vol docker volume remove my-vol docker volume prune my-vol docker volume rm my-vol

docker volume remove my-vol | docker volume rm my-vol

The volumes are mounted as “readonly” by default inside the container if no options are specified. True False

False

You can remove a vol1 which is in use by a container using the command docker volume rm --force vol1. True False

False

Which option is used to mount a volume? -v – -volume – -mount –volume-mount

- v - -mount - -volume

Which among the below is a correct command to start a webapp container with the volume vol2, mounted to the destination directory /app? docker run -d --name webapp --mount source=vol2,target=/app httpd docker run -d --name webapp -v vol2:/app httpd docker run -d --name webapp --volume vol2:/app httpd

docker run -d --name webapp --mount source=vol2,target=/app httpd docker run -d --name webapp -v vol2:/app httpd docker run -d --name webapp --volume vol2:/app httpd

Which among the below is a correct command to start a webapp container with the volume vol3, mounted to the destination directory /opt in readonly mode? docker run -d --name webapp --mount source=vol3,target=/opt,readonly httpd docker run -d --name webapp -v vol3:/opt:ro httpd docker run -d --name webapp -v vol3:/opt:readonly httpd docker run -d --name webapp --volume vol3:/opt:ro httpd docker run -d --name webapp --mount source=vol3,target=/opt,ro httpd

docker run -d --name webapp --mount source=vol3,target=/opt,readonly httpd docker run -d --name webapp -v vol3:/opt:ro httpd docker run -d --name webapp --volume vol3:/opt:ro httpd

By default, all files inside an image are in a writable layer. True False

False

Using …… we can configure containers and communication between them in a declarative way. Docker Compose Dockerfile Device Mapper Build-context

Docker Compose

…….. is a YAML file that contains details about the services, networks, and volumes for setting up a Docker application. Dockerfile Docker Compose .dockerignore .env

Docker Compose

Which command can be used to create and start containers in foreground using the existing docker-compose.yml? docker-compose up docker-compose ps docker-compose logs docker-compose stop

docker-compose up

Which command can be used to create and start containers in the background or detached mode in composing the existing docker-compose.yml? docker-compose up docker-compose up --background docker-compose up --detach docker-compose up -d

docker-compose up --detach | docker-compose up -d

…… is the command to list the containers created by compose file. docker-compose ls docker-compose ps docker-compose list

docker-compose ps

…… is the command to check the logs for the whole stack defined inside compose file. docker-compose up docker-compose ps docker-compose logs docker-compose up -d

docker-compose logs

Which command can be used to stop (only and not delete) the whole stack of containers created by compose file? docker-compose down docker-compose stop docker-compose destroy docker-compose halt

docker-compose stop

docker-compose stop command stops and removes the whole stack of containers created by compose file. True False

False

Select the right answer. Which command can be used to delete the application stack created using compose file? docker-compose rm docker-compose stop docker-compose down docker-compose destroy

docker-compose down

Compose files that doesn’t declare a version are considered “version 0”. True False

False

Compose files using the version 2 and version 3 syntax must indicate the version number at the root of the document. True False

True

With the docker-compose up command, we can run containers on multiple docker hosts. True False

False

8080

``` version: "3.8" services: web: build: . depends_on: - db - redis volumes: - .:/code - logvolume01:/var/log ports: - "8080:80" redis: image: redis db: image: postgres volumes: logvolume01: {} ``` Which of the following statements are true? All of the web, redis and db images will be built before deploying containers. The redis image will be built and the web image will be pulled from Dockerhub if it doesn’t already exist on the host. The web image will be built and the redis image will be pulled from Dockerhub if it doesn’t already exist on the host. All images will be pulled from Dockerhub.

The web image will be built and the redis image will be pulled from Dockerhub if it doesn’t already exist on the host.

``` version: "3.8" services: web: build: . depends_on: - db - redis volumes: - .:/code - logvolume01:/var/log ports: - "8080:80" redis: image: redis db: image: postgres volumes: logvolume01: {} ``` How can the web application address redis? Using the container ID generated by redis Using the name redis Using the internal IP address of the redis container By exposing port 6379 of redis container on the host and then using hosts IP

using the name redis

``` version: "3.8" services: web: build: . depends_on: - db - redis volumes: - .:/code - logvolume01:/var/log ports: - "8080:80" redis: image: redis db: image: postgres volumes: logvolume01: {} ``` What kind of volume mount is configured on the web application for the /code directory inside the container? Volume Mount Bind Mount

Bind Mount

``` version: "3.8" services: web: build: . depends_on: - db - redis volumes: - .:/code - logvolume01:/var/log ports: - "8080:80" redis: image: redis db: image: postgres volumes: logvolume01: {} ``` What kind of volume mount is configured on the web application for the /var/log directory inside the container? Volume mount Bind mount

Volume mount

``` version: "3.8" services: web: build: . depends_on: - db - redis volumes: - .:/code - logvolume01:/var/log ports: - "8080:80" redis: image: redis db: image: postgres volumes: logvolume01: {} ``` Which is the correct statement referring to the following Compose file? The depends_on configuration is not supported in Compose version 3 db and redis services will be started before web service web service will be started before db and redis services None of the above

db and redis services will be started before web service

What is the command to see the running process inside of containers created by compose file? docker-compose top docker-compose stats docker top docker stats

docker-compose top

What technologies can be used to group multiple machines together into a single cluster to run applications in the form of containers? Swarm Kubernetes Mesos Openshift

Swarm Kubernetes Mesos Openshift

What are the advantages of container orchestration? High availability Auto Scaling Self-healing Declarative

High availability Auto Scaling Self-healing Declarative

Swarm nodes can be physical or virtual, on the cloud or on-prem that have Docker engine installed on it. True False

True

A swarm cluster consists of at least one manager node and one or more worker nodes. True False

True

The manager in the swarm cluster receives instructions or tasks from the worker node and runs containers. True False

False

Manager nodes are dedicated to management tasks only and cannot run workloads. True False

False

Who is responsible for maintaining the desired state of the swarm cluster and taking necessary actions if a node was to fail or a new node was added to the cluster? manager node worker node slave node worker, slave nodes

manager node

You can promote a worker node to a manager node. True False

True

What feature of swarm closely relates to this use case – “If an instance of an application crashes, it is immediately replaced by a new one”? Rolling updates Self-healing Scaling Load Balancing

Self-healing

The communication between the nodes in the swarm cluster is not secured by default. True False

False

Is it possible to promote a worker node to manager in swarm? Yes No

Yes

The command docker node promote can be executed on any node “manager or worker”. True False

False

Promote worker1 to a manager node. Select the right answer. docker promote node worker1 docker node promote worker1 docker swarm node promote worker1 docker swarm promote node worker1

docker node promote worker1

Change manager1 to a worker node. Select the right answer. docker swarm node demote manager1 docker demote node manager1 docker node demote manager1 docker node demote manager1 worker

docker node demote manager1

If you have one manager in your swarm cluster, is it possible to demote it to a worker node? True False

False

What does the Reachable status of a node indicate in docker swarm? The node is a worker node and is reachable The node is a manager node and is reachable The node is a manager node and is reachable and is not the leader The node is a manager node and is the leader

The node is a manager node and is reachable and is not the leader

Which command is used to check the status of manager/worker nodes? docker swarm ls docker node ps docker node ls docker swarm show nodes

docker node ls

We want to perform maintenance tasks on node – worker1 – for performing patching and updates. Select the best way to achieve this. docker node update --availability drain worker1 docker node update --availability active worker1 docker node rm worker1 None of the above

docker node update --availability drain worker1

When a worker node becomes active again after draining, the old containers will go back to this node. True False

False

We have a single manager 2 worker node swarm cluster. All three nodes are hosting workload. What is the sequence of activities to remove the manager node from the swarm cluster? Drain the node, and run docker swarm leave. Demote to a worker node, drain the node and run docker swarm leave. Promote a worker node to master, demote manager to worker, drain the node and run docker swarm leave. Add a new worker node, drain the manager node, and run docker swarm leave.

Promote a worker node to master, demote manager to worker, drain the node and run docker swarm leave.

It is recommended to have one manager in your cluster? True False

False

The manager node is responsible for maintaining the cluster state, distributing and ensuring the state of containers and services across all workers. True False

True

Which of the below statements are true when you have more than 1 manager nodes? All decisions are made by all the managers at once. All decisions are made by each manager turn by turn in a round-robin fashion. All decisions are made by 1 manager who is the leader.

All decisions are made by 1 manager who is the leader.

…. is responsible for making sure that all the manager nodes that are in charge of managing and scheduling tasks in the cluster, are storing the same consistent state. CFS Scheduler Raft consensus Leader

Raft consensus

Out of a total of 3 masters if one node was to fail or was not responding at that moment and only two nodes were available,the decision to add the new worker can still be made with an agreement between the two available nodes. True False

True

…. is defined as the minimum number of managers required to be present for carrying out cluster management tasks. Majority Fault tolerance Quorum Single failure

Quorum

What is the maximum number of managers possible in a swarm cluster? 3 5 7 No limit

No Limit Docker recommends 7

What is the maximum number of managers recommended by Docker in a swarm cluster? 3 5 7 No limit

Which formula can be used to calculate the Quorum of N nodes? N + 1 N+1 / 2 N-1/2 N /2 -1

N-1/2

Which formula can be used to calculate the fault tolerance of N nodes? N + 1 N+1 / 2 N / 2 +1 (N-1)/2

(N-1)/2

It is recommended to have an even number of master nodes. True False

False

Assume that you have 3 managers in your cluster, what will happen if 2 managers fail at the same time? Select the all-right answers. The services hosted on the available worker nodes will continue to run. The services hosted on the available worker nodes will stop running. New services/workers can be created or added. New services/workers can’t be created or added.

The services hosted on the available worker nodes will continue to run. New services/workers can’t be created or added.

How many manager nodes must be online in a cluster with 13 manager nodes for the swarm cluster to continue to operate? 3 1 6 7

How many manager nodes must be online in a cluster with 7 manager nodes for the swarm cluster to continue to operate? 3 1 4 5

Among the below what is the recommended number of manager nodes as per best practices? 9 7 1 4

You have 3 data centers and 9 managers. How best should you distribute the managers between them to withstand site-wide disruptions? 3-3-3 9-0-0 4-4-1 4-3-2

3-3-3

You have 3 data centers and 11 managers. How best should you distribute the managers between them to withstand site-wide disruptions? 4-3-3 4-4-3 4-5-2 9-0-2

4-4-3

You have 3 data centers and 13 managers. How best should you distribute the managers between them to withstand site-wide disruptions? 5-5-3 6-6-1 7-5-1 7-3-3

5-5-3

You have 3 data centers and 7 managers. How best should you distribute the managers between them to withstand site-wide disruptions? 4-2-1 3-2-3 3-2-2 3-1-3

3-2-2

Which of the below statements are true? By default, manager nodes host workloads. You must explicitly configure it not to. By default, manager nodes do not host workloads. You must explicitly configure it to host workloads.

By default, manager nodes host workloads. You must explicitly configure it not to.

The RAFT logs are stored in memory on the manager nodes. True False

False

The RAFT logs are stored on disk and not protected. True False

False

The default behavior requires you to unlock the swarm when a new node joins the swarm cluster. True False

False

After restarting the docker service and trying to run docker service ls, you get an error “Error response from daemon: Swarm is encrypted and needs to be unlocked before it can be used. How can you solve this error? docker swarm leave docker swarm update docker swarm lock docker swarm unlock

docker swarm unlock

Which command can be used to return the current key which is used inside the cluster? docker swarm lock-key docker swarm lock --autolock=true docker swarm unlock --autolock=true docker swarm unlock-key

docker swarm unlock-key

Which command can be used to enable auto lock on an existing swarm? docker swarm update --autolock=true docker swarm lock --autolock=true docker swarm set --autolock=true docker swarm unlock-key

docker swarm update --autolock=true

…. are one or more instances of a single application that runs across the Swarm Cluster. docker stack services pods None of the above

services

Which command can be used to run an instance on swarm? docker container run -d webapp docker container create webapp docker service create webapp docker swarm service create webapp

docker service create webapp

What is the command to run 3 instances of httpd on a swarm cluster? docker swarm service create --instances=3 httpd docker swarm service create --replicas=3 httpd docker service create --instances=3 httpd docker service create --replicas=3 httpd

docker service create --replicas=3 httpd

What component is responsible for creating tasks in a swarm? scheduler dispatcher orchestrator allocator

orchestrator

What component is responsible for instructing a worker to run a task? scheduler dispatcher orchestrator allocater

scheduler

The …. assigns tasks to nodes in swarm. scheduler dispatcher orchestrator allocator

dispatcher

The …. is used to allocate IP addresses to tasks in swarm. scheduler dispatcher orchestrator allocator

allocator

Create a swarm service webapp with image httpd and expose port 8080 on host to port 80 in container. docker container run --name=webapp -p 8080:80 httpd docker service create --name=webapp -p 8080:80 httpd docker service create --name=webapp -p 8800:80 --instances=3 httpd docker service create --replicas=3 httpd

docker service create --name=webapp -p 8080:80 httpd

Which command can be used to list the running service inside the swarm? docker service ps docker service ls docker container ps docker container ls

docker service ls

Which command can be used to list the tasks that are running as part of a specified service? docker service ps SERVICE-NAME docker service ls docker container ps SERVICE-NAME docker container ls

docker service ps SERVICE-NAME

List more details about each service in a human-readable format. docker service ps SERVICE-NAME --pretty docker container ps SERVICE-NAME --pretty docker service inspect SERVICE-NAME --pretty None of the above

docker service inspect SERVICE-NAME --pretty

Which command can be used to get the logs of a swarm service? docker container logs SERVICE-NAME docker service logs SERVICE-NAME docker swarm log SERVICE-NAME docker swarm logs SERVICE-NAME

docker service logs SERVICE-NAME

Delete a webapp service from your cluster. docker swarm leave webapp docker service rm webapp docker service rollback webapp docker service del webapp

docker service rm webapp

How many replicas does a service created with the command – 'docker service create webapp' have? 0 1 2 3

Which command can be used to increase the number of replicas from 2 to 4 of webapp? Select the all right answer. docker service update --replicas=4 webapp docker service update --replicas=2 webapp docker service scale webapp=2 docker service scale webapp=4

docker service update --replicas=4 webapp

The webapp:v1 had some bugs and we fixed them in webapp:v2. We want to apply webapp:v2 to webapp service. Select the right answer. docker service update --image=webapp:v1 webapp docker service update --image=webapp:v2 webapp docker service update webapp webapp:v1 docker service update webapp webapp:v2

docker service update --image=webapp:v2 webapp

An image update operation in a swarm service happens all at once by default. True False

False

Which option of the docker service command can be used to update 4 replicas of mywebapp service at a time? - -update-delay 4 - -update-parallelism 4 - -placement-pref-add 4 - -replicas 4

--update-parallelism 4

If at any time during an update a task returns FAILED, the default behaviour of the scheduler is to rollback the changes unless specified otherwise. True False

False It is to pause

What option may be used to change the default behavior of a failed task during an update in a swarm? - -update-failure-action - -update-parallelism - -update-delay - -placement-pref-add

--update-failure-action

What are the actions which can be used with –update-failure-action ? ``` pause continue stop rollback rolling-update ```

pause continue rollback

After an update, we realized that something is wrong with the new version and we want to revert back to the old version. How can we achieve that? docker service update rollback webapp docker service rollback webapp docker service rm webapp docker service leave webapp

docker service rollback webapp

The default type of a service in docker swarm is global. True False

False

With a global service, you can specify a minimum number of replicas for the service. True False

False

A global service will always deploy exactly one instance of the application on all the nodes in the cluster. True False

True

With a global service if a node is removed from the cluster, then that instance is removed as well and is rescheduled on another available node. True False

False

Create a replicated service webapp with 2 replicas. Select the all-right answer. docker service create --replicas=2 webapp docker service create --mode=replicated --replicas=2 webapp docker service create --mode=global --replicas=2 webapp docker service create --replicas=2 web

docker service create --replicas=2 webapp | docker service create --mode=replicated --replicas=2 webapp

Deploy exactly one instance of the application on all the nodes in the cluster. docker service create --replicas=1 webapp docker service create --mode=replicated --replicas=1 webapp docker service create --mode=global --replicas=1 webapp docker service create --mode=global webapp

docker service create --mode=global webapp

How to get the service type of webapp service? Select the all-right answer. docker container inspect webapp docker service inspect webapp docker container ls docker service ls

docker service inspect webapp | docker service ls

You are required to deploy an agent of Splunk on all nodes in the swarm cluster to monitor the health of the nodes and gather logs. What is the best approach to achieve this? Deploy the agent as a docker container on each node in the cluster. Use a cron job to set this up. Deploy the agent as a global service in the swarm cluster. Deploy the agent as a replicated service with the replica count equal to the number of worker nodes in the swarm cluster.

Deploy the agent as a global service in the swarm cluster.

By default, when we create a service, the tasks may be assigned to any of these nodes without any additional considerations as long as they have sufficient hardware resources. True False

True

If you specify multiple placement constraints, the service only deploys onto nodes where they are all met. True False

True

Which option can be used to control the workload placements with the help of labels and constraints? replicated services global services placement constraints resource restrictions

placement constraints

What is the command to deploy a service named webapp on a node which has a 'type=cpu-optimized' label. docker service create --constraint=node.labels.type==cpu-optimized webapp docker service create --labels type==cpu-optimized webapp docker service create --container-label type==cpu-optimized webapp None of the above

docker service create --constraint=node.labels.type==cpu-optimized webapp

What is the command to apply ’disk=ssd' label to worker1 in a swarm cluster. docker node update --label-add disk=ssd worker1 docker node update --label-rm disk=ssd worker1 docker service update --labels disk=ssd worker1 docker service update --container-label disk=ssd worker1

docker node update --label-add disk=ssd worker1

Bridge is the default network a container gets attached to True False

True

If you use the host network mode for a container, that container’s network stack is not isolated from the Docker host as the container shares the host’s networking namespace. True False

True

The …. network disables all networking. Usually used in conjunction with a custom network driver. host bridge overlay none

none

The …. network connects multiple Docker daemons together and enables swarm services to communicate with each other. host overlay bridge none

overlay

When you initialize a Docker Swarm cluster it creates a new network of type overlay which is an internal private network that spans across all the nodes participating in the swarm cluster. True False

True

When you create a swarm service and do not connect it to a user-defined overlay network, it connects to the …. network by default. host bridge macvlan ingress

ingress

Which network will be created when you initialize a swarm or join a Docker host to an existing swarm? host bridge macvlan ingress

bridge | ingress

What is the command to create an overlay network driver called my-overlay? docker network create my-overlay docker create network my-overlay docker network create -d overlay my-overlay docker network create overlay my-overlay

docker network create -d overlay my-overlay

docker network inspect ingress docker network -d rm ingress docker network rm ingress docker network create ingress

docker network rm ingress

Which command is used to list available networks in the swarm cluster? docker network --filter docker network get docker network ls None of the above

docker network ls

Create an overlay network driver called my-overlay with subnet 10.15.0.0/16 using a docker command. docker network create my-overlay docker network create --driver overlay --subnet 10.15.0.0/16 my-overlay docker network create -d overlay -subnet 10.15.0.0/16 docker network create overlay my-overlay

docker network create --driver overlay --subnet 10.15.0.0/16 my-overlay

When you create an overlay network, only containers created as part of a swarm service can attach to it by default. True False

True

Create an overlay network that can also be connected by standalone containers that were not created as part of a swarm service. docker network create --driver overlay --attachable my-overlay-network docker network create --driver overlay --subnet 10.15.0.0/16 my-overlay-network docker network create --driver overlay --opt encrypted my-overlay-network docker network create --driver overlay my-overlay-network

docker network create --driver overlay --attachable my-overlay-network

By default, all swarm service management traffic is encrypted using …. algorithm. TKIP DES AES RSA

AES

Encrypt the application data and enable IPSEC encryption while creating the overlay network called my-overlay-network using a docker command. docker network create --driver overlay --opt encrypted my-overlay-network docker network create --driver overlay -o encrypted=true my-overlay-network docker network create -d overlay --encrypted my-overlay

docker network create --driver overlay --opt encrypted my-overlay-network docker network create --driver overlay -o encrypted=true my-overlay-network

Delete an overlay network driver called my-overlay using a docker command. docker network rm my-overlay docker create network -d my-overlay docker rm network my-overlay docker network rm -d my-overlay

docker network rm my-overlay

Remove all of the unused networks using a docker command. docker network rm my-overlay-network docker network prune docker rm network my-overlay-network docker network rm -all

docker network prune

Which port should be opened to allow the overlay and ingress network traffic? 2377 7946 4789 4946

4789

The …. port should be opened to allow communication among nodes/Container Network Discovery. 2377 7946 4789 4946

7946

Map UDP port 80 in the container to port 5000 on the overlay network using the my-web-server image. docker service create -p 80:5000/udp my-web-server docker service create --publish published=80,target=5000,protocol=udp my-web-server docker service create -p 5000:80/udp my-web-server docker service create --publish published=5000,target=80,protocol=udp my-web-server

docker service create -p 5000:80/udp my-web-server | docker service create --publish published=5000,target=80,protocol=udp my-web-server

You have a legacy application that monitors network traffic and expects to be directly connected to the physical network. What network driver would you recommend? host bridge macvlan ingress

macvlan

Which among the below networks are used to establish connectivity between containers on different hosts? ``` Bridge MACVlan None Overlay Host IPVlan ```

MACVlan Overlay IPVlan

Macvlan network driver assigns a MAC address to each container’s virtual network interface, making it appear to be a physical network interface directly connected to the physical network. True False

True

The routing mesh enables each node in the swarm to accept connections on published ports for any service running in the swarm, even if there’s no task running on the node. True False

True

Docker requires an external DNS server to be configured during installation to help the containers resolve each other using the container name. True False

False

The built-in DNS server in Docker always runs at IP address …. 127. 0.0.11 127. 0.0.1 172. 17.0.3 172. 17.0.1

127.0.0.11

Attach the application my-web-server to a service so that we can access it using its name with the existing overlay network driver my-overlay. docker service create --name=my-service my-web-server docker service create --name=my-web-server my-web-server docker service create --name=my-web-server --network=my-overlay my-web-server docker service create --publish published=5000,target=80,protocol=udp my-web-server

docker service create --name=my-web-server --network=my-overlay my-web-server

The services only under the same network will get resolved with their names so all of the micro-service components should be under the same network so that they can resolve each other. True False

True

Attach the application my-web-server to a service so that we can access it using its name with the existing overlay network driver my-overlay and the custom DNS 8.8.8.8 docker service create --name=my-service --dns=8.8.8.8 my-web-server docker service create --name=my-web-server --dns=8.8.8.8 my-web-server docker service create --name=my-web-server --dns=8.8.8.8 --network=my-overlay my-web-server docker service create --name=my-web-server --network=my-overlay my-web-server

docker service create --name=my-web-server --dns=8.8.8.8 --network=my-overlay my-web-server

Service Discovery allows containers and services to locate and communicate with each other with their names. True False

True

The ….. is a packaged form of an application that has its own dependencies and runs in its own isolated environment. stack service docker image container

container

The ….. is one or multiple instances of the same type of container that runs on a single node or across multiple nodes in a swarm cluster. stack service docker image container

service

The ….. is a group of interrelated services that together form an entire application. stack service docker image container

stack

We must use version “2” and above of docker-compose file for stack configurations as Version “3” comes with support for a new property called deploy which is used by docker swarm for stack-related configurations. True False

False

To list stacks, run … docker stack deploy docker stack ls docker stack services docker stack ps

docker stack ls

To list the services created by a stack, run … docker stack deploy docker stack ls docker stack services docker stack ps

docker stack services

Which command can be used to list the tasks in a stack named webapp? docker stack deploy webapp docker stack ls webapp docker stack services webapp docker stack ps webapp

docker stack ps webapp

Which command can be used to remove a webapp stack? docker stack deploy webapp docker stack ls webapp docker stack services webapp docker stack rm webapp

docker stack rm webapp

You could restrict the resources assigned to a service using the …. property in the docker stack. resources replicas constraints restrict

resources

Which command can be used to deploy the STACKDEMO stack from a compose file? Select all the right answers. docker stack deploy --compose-file docker-compose.yml STACKDEMO cat docker-compose.yml | docker stack deploy --compose-file - STACKDEMO docker stack services --compose-file docker-compose.yml STACKDEMO docker stack ps --compose-file docker-compose.yml STACKDEMO

docker stack deploy --compose-file docker-compose.yml STACKDEMO cat docker-compose.yml | docker stack deploy --compose-file - STACKDEMO

``` version: 3 services: redis: image: "redis:alpine" deploy: replicas: 3 db: image: postgres:9.4 deploy: replicas: 1 placement: constraints: - "node.role==manager" web: image: webapp deploy: replicas: 5 healthcheck: test: ["CMD", "curl", "-f", "http://localhost"] interval: 30s timeout: 5s retries: 5 start_period: 120s ``` Which of the below statements are true? The redis container will always be deployed on the manager node The postgres container will only be deployed on the manager node The web container may be deployed on any node – manager or worker The redis container will not be deployed on the manager node

The postgres container will only be deployed on the manager node The web container may be deployed on any node – manager or worker

Refer to the below Docker stack file and answer the following questions: ``` version: 3 services: redis: image: "redis:alpine" deploy: replicas: 3 db: image: postgres:9.4 deploy: replicas: 1 placement: constraints: - "node.role==manager" web: image: webapp deploy: replicas: 5 healthcheck: test: ["CMD", "curl", "-f", "http://localhost"] interval: 30s timeout: 5s retries: 5 start_period: 120s ``` The health check on the web service is configured to run at an interval of every 30 seconds. What would happen if the webserver takes 45 seconds to boot up the first time? The web server container will be killed and restarted after 30 seconds The health checks only start after 2 minutes, so the webserver has sufficient time to boot up The health checks runs every 5 seconds and will mark the container as failed after 5 attempts The web service will go into an infinite loop

The health checks only start after 2 minutes, so the web server has sufficient time to boot up

``` version: 3 services: redis: image: "redis:alpine" deploy: replicas: 3 db: image: postgres:9.4 deploy: replicas: 1 placement: constraints: - "node.role==manager" web: image: webapp deploy: replicas: 5 healthcheck: test: ["CMD", "curl", "-f", "http://localhost"] interval: 30s timeout: 5s retries: 5 start_period: 120s ``` What does the timeout value in the health check stand for? The time after the container starts and before the first health check starts The time between each health check trigger The time the health check test – in this case, curl – waits to receive a successful response The number of times a check is performed before marking the container failed

The time the health check test – in this case curl – waits to receive a successful response

``` version: 3 services: redis: image: "redis:alpine" deploy: replicas: 3 db: image: postgres:9.4 deploy: replicas: 1 placement: constraints: - "node.role==manager" web: image: webapp deploy: replicas: 5 healthcheck: test: ["CMD", "curl", "-f", "http://localhost"] interval: 30s timeout: 5s retries: 5 start_period: 120s ``` What do the retries value in the health check configuration stand for? The time after the container starts and before the first health check starts The time between each health check trigger The time the health check test – in this case, curl – waits to receive a successful response The number of times a check is performed before marking the container failed The number of times the container restarts after the health check fails

The number of times a check is performed before marking the container failed

You could restrict the resources assigned to a service using the … property in the docker stack. resources replicas constrains restrict

resources

Which command can be used to promote worker2 to a manager node? Select the right answer. docker promote node worker2 docker node promote worker2 docker swarm node promote worker2 docker swarm promote node worker2

docker node promote worker2

The communication between the nodes in the swarm cluster are not secured by default. True False

False "Secure by default: Each node in the swarm enforces TLS mutual authentication and encryption to secure communications between itself and all other nodes."

Which command can be used to run an instance on swarm? docker container run -d cloud docker container create cloud docker service create cloud docker swarm service create cloud

docker service create cloud

The … network connects multiple Docker daemons together and enables swarm services to communicate with each other. host bridge overlay none

overlay

Create a swarm service redisapp with image redis and expose port 8080 on host to port 6379 in container. docker container run --name=redisapp -p 8080:6379 redis docker service create --name=redisapp -p 8080:6379 redis docker service create --name=redisapp -p 8800:6379 --instances=3 redis docker service create --replicas=3 redis

docker service create --name=redisapp -p 8080:6379 redis

When you create a swarm service and do not connect it to a user-defined overlay network, it connects to the … network by default. host bridge macvlan ingress

ingress

Map TCP port 80 in the container to port 9595 on the overlay network using the web-server image. docker service create --publish published=9595,target=8080,protocol=tcp web-server docker service create -p 80:9595/tcp web-server docker service create --publish published=80,target=9595,protocol=udp web-server docker service create -p 9595:80/tcp web-server

docker service create -p 9595:80/tcp web-server

Which formula can be used to calculate the Quorum of N nodes? N + 1 N+1 / 2 N / 2 +1 N /2 -1

N / 2 +1

Create an overlay network that can also be connected by standalone containers that were not created as part of a swarm service. docker network create --driver overlay --attachable aone-network docker network create --driver overlay --subnet 10.15.0.0/16 aone-network docker network create --driver overlay --opt encrypted aone-network docker network create --driver overlay aone-network

docker network create --driver overlay --attachable aone-network

Which Docker edition would we choose for obtaining the latest Docker Engine updates? Docker Community Edition (CE) Docker Developer Edition (DE) Docker Enterprise Edition (EE) Either Docker CE or Docker EE

Either Docker CE or Docker EE "Docker CE and EE both get all the latest engine updates."

How would we go about backing up images in the Docker Trusted Registry (DTR)? Run a docker pull on all of the images to transfer them to another host. Execute a container using the dtr image with the backup-images command. Create a backup of everything in the DTR image storage volume. To back up images, back up the contents of the volume DTR used to store images. Back up everything in /var/lib/docker/volumes.

Create a backup of everything in the DTR image storage volume. "To back up images, back up the contents of the volume DTR used to store images."

What procedure should we follow to upgrade the Docker engine on an Ubuntu server? Stop Docker, then install the packages with the newer version. Remove all containers, stop Docker, and then install the newer version. Install newer versions of the docker-ce and docker-ce-cli packages. Stop Docker, remove the packages, and then reinstall the packages with a newer version.

Install newer versions of the docker-ce and docker-ce-cli packages. "We must install newer versions of the packages in order to upgrade Docker."

Which of the following namespaces is not enabled by default? uts mnt user pid

user "Docker requires special configuration in order to utilize user namespaces."

Sara wants to run a container using the busybox image, and she wants to pass a custom command to the container: echo Docker is great!. Which of the following commands will accomplish this? docker run busybox echo Docker is great! docker run busybox -cmd echo Docker is great! docker run busybox ["echo", "Docker is great!"] docker run busybox -c echo Docker is great!

docker run busybox echo Docker is great! This command will successfully execute the echo command in the container and print the message to the screen.

Which of the following commands will run a busybox container and automatically delete it once it exits? docker run --restart no busybox docker run --rm --restart on-failure busybox docker run --rm busybox docker container rm busybox

docker run --rm busybox The --rm flag instructs Docker to automatically delete the container once it exits.

How would we create a new swarm cluster? Start dockerd with the swarm=true flag. Run docker cluster create. Use a Docker compose file that defines a new cluster. Run docker swarm init.

Run docker swarm init. This command creates a new cluster and generates the current node inside the first Swarm manager.

What is the difference between a manager and a worker in Docker swarm? Managers control the cluster, while workers only execute workloads. Managers never execute containers, workers do. Managers handle networking, while workers handle containers. Managers create new workers.

Managers control the cluster, while workers only execute workloads. This describes the roles of managers and workers in a swarm.

What does the EXPOSE directive do? It documents ports intended for publishing at the time of running a container. It makes a container's port accessible externally. It causes the container to listen on a port. It automatically publishes ports when running a container.

"It documents ports intended for publishing at the time of running a container." The EXPOSE directive documents the ports that should be published when running a container from the image.

Dave needs Docker to use a custom stop signal for halting his software. How can he build an image that will instruct Docker on which stop signal to use? Dave should use the STOPSIGNAL directive. Dave should locate the process and kill it manually. Dave should use the STOP directive. Dave should use the docker stop command.

Dave should use the STOPSIGNAL directive. The STOPSIGNAL directive instructs Docker on which stop signal to use for halting a container process.

Which Dockerfile directive would set up the base image that can serve as our starting point for establishing a new image? BASE ARG FROM START

FROM The FROM directive sets the base image.

Which of the following statements truly applies to the ENV directive? It sets an environment variable on the host while the container is running. It sets environment variables that are made available in subsequent build steps and to containers at the runtime. It sets environment variables that are only visible at the container runtime. It sets environment variables that are only visible during later build steps.

It sets environment variables that are made available in subsequent build steps and to containers at the runtime. The ENV directive sets environment variables, and they're visible during subsequent build steps and at the container runtime.

How can we use multi-stage builds to generate small, efficient Docker images? We can leverage the implementation of multi-stage builds, which will shorten the build processing times. We can copy only specific files from previous stages so that we can keep the image as small as possible. We can use separate build stages to delete files from the image. We can build the image, and then run diagnostics on it in a separate stage to make it more efficient.

We can copy only specific files from previous stages so that we can keep the image as small as possible. This is the primary use case for multi-stage builds.

Which of the following are insecure ways to allow a Docker client to authenticate against a registry that uses a self-signed certificate? (Choose two) We pass the --insecure-registry flag to the Docker daemon. We add the registry to insecure-registries in /etc/docker/daemon.json. We use the --skip-tls flag with docker login. We add the self-signed certificate as a trusted registry certificate under /etc/docker/certs.d/.

We pass the --insecure-registry flag to the Docker daemon. We add the registry to insecure-registries in /etc/docker/daemon.json. ^ These methods work and are insecure

What is the term for a package containing all the software that's needed to run a Docker container? Kernel Repository Package Image An image contains the software that's needed to run a Docker container.

- Image "An image contains the software that's needed to run a Docker container."

How is the ADD directive different from COPY? (Choose two) The ADD directive can transfer a specific file between build stages. The ADD directive can pull a file from an external URL. The ADD directive can extract an archive into the image. The ADD directive can transfer files over to a specific location inside the image

- The ADD directive can pull a file from an external URL. "The ADD directive can pull from a URL while COPY cannot." - The ADD directive can extract an archive into the image. "The ADD directive can extract archives while COPY cannot."

Describe what the RUN directive does. The RUN directive executes a command on the host when building an image. The RUN directive sets the default command for the image. The RUN directive executes a command and commits the resulting changed files as a new layer in the image. The RUN directive automatically runs a command when a new container gets created.

- The RUN directive executes a command and commits the resulting changed files as a new layer in the image. "This accurately describes what RUN does."

What is the primary purpose of a Docker registry? It provides a central location for storing and distributing images. It builds images. It stores and organizes Dockerfiles. Scan images for vulnerabilities.

It provides a central location for storing and distributing images. "This is what a Docker registry does."

What does the FROM directive do? It indicates the build location of where the image is. It pulls a file from an external source into the image. It sets the working directory of containers ran using the image. It sets a base image that can be used as a platform to begin builds.

It sets a base image that can be used as a platform to begin builds. The FROM directive sets the base image.

Which of the following is true about the creation of private Docker registries? We need Docker Trusted Registry (DTR) present if we want to generate a private registry. We can create our own registry by running a container with the registry image. We cannot secure a private registry in Docker Community Edition (CE). We need a Docker EE license to have our own private registry created.

We can create our own registry by running a container with the registry image. "Running this image will create a private Docker registry."

Which of the following Kubernetes Node taint effects would evict existing Pods that do not tolerate the taint bearing that effect? NoContainer PreferNoSchedule NoExecute NoSchedule

NoExecute "NoExecute evicts existing Pods from the Node."

In Kubernetes, Which of the following is needed in order to expand a PersistentVolumeClaim? A Storage driver that supports volume expansion. A StorageClass with allowVolumeExpansion=true. A StorageClass with expandable=true. A PersistentVolume with allowVolumeExpansion=true.

A StorageClass with allowVolumeExpansion=true. "In order to expand a PersistentVolumeClaim, the StorageClass must have allowVolumeExpansion set to true."

Kelly has a Docker swarm cluster with --autolock enabled. One of her manager nodes has become locked, and she has lost the unlock key. Fortunately, there are still some swarm nodes that are not locked. How can she obtain the unlock key from one of the unlocked nodes? Kelly can use the docker swarm key print command. Kelly can use the docker swarm unlock-key command. Kelly can look in the file located at /etc/docker/swarm/unlock.key. Kelly can use the docker swarm unlock command.

Kelly can use the docker swarm unlock-key command. "This command will retrieve the unlock key from a manager node that is currently not locked."

Where can you add volumes to a Pod in Kubernetes? The Pod specification. The Pod metadata. The Pod template in a Service specification. the Container Specification.

The Pod specification. "Volumes are listed in the PodSpec."

We have some containerized software that needs to have a reference to the hostname of the node that the software is running on. Which of the following commands will let us pass the node hostname as an environment variable into each task in a service? docker service create --env NODE_HOSTNAME="{{.Node.Hostname}}" nginx docker service create --pass-node-hostname=true nginx docker service create -e NODE_HOSTNAME nginx docker service create --env NODE_HOSTNAME="{{Hostname}}" nginx

docker service create --env NODE_HOSTNAME="{{.Node.Hostname}}" nginx "This command will create an environment variable in each task that contains the node hostname."

How would we back up the metadata for Docker Swarm? We can run the swarm image with the backup command. We can back up the contents of /etc/docker/swarm. We can back up the contents of /usr/local/swarm. While the Docker daemon stops, we can back up the contents of /var/lib/docker/swarm on a Swarm manager.

While the Docker daemon stops, we can back up the contents of /var/lib/docker/swarm on a Swarm manager. "We can back up Docker Swarm metadata by backing up the contents of this directory."

What should we use if we need to run multiple copies of a single image in a swarm? We should use a task. We should use a service. We should use a stack. We should run the docker-compose command.

We should use a service. "Services are used to run multiple replicas that use the same image."

Which of the following commands will evenly spread out tasks based upon the values of a node label? docker service create --constraint spread=node.labels.availability_zone nginx docker service create --placement-pref spread=node.labels.availability_zone nginx docker service create --placement-pref spread nginx docker service create --placement-pref even-spread=node.labels.availability_zone nginx

docker service create --placement-pref spread=node.labels.availability_zone nginx "This command will evenly spread out tasks based upon the values of the availability_zone label."

You have a web application frontend that will need to be accessed by users, and a backend database that will be accessed by the frontend Pods. Both of these components are running within your Kubernetes cluster. Which Service types should you use to expose the web frontend and the backend database, respectively? NodePort, ClusterIP ClusterIp for both. NodePort for both. ClusterIP, NodePort

NodePort, ClusterIP You can use a NodePort Service to allow users to access the frontend, while a ClusterIP Service exposes the backend database to other pods within the cluster.

Sally wants to prevent Docker Swarm encryption keys from being stored insecurely on her swarm managers. How can she tackle enforcing a lock on the swarm cluster? The auto-lock feature must be turned on when the cluster is initialized and cannot be enabled after the fact. Sally cannot do this because Docker does not offer this functionality. Sally can use the --autolock=true flag with the docker swarm update command. Sally can locate the critical files after the installation and delete them.

Sally can use the --autolock=true flag with the docker swarm update command. "This command will turn on --autolock, ensuring that managers will be automatically locked whenever the Docker daemon restarts."

How would we rotate a docker swarm unlock-key and ensure that all nodes receive the new key? We can use the docker swarm unlock command. We would run the docker swarm unlock-key --rotate command on one manager node. We would run the docker swarm unlock-key --rotate command on all manager nodes. We would generate a new key and save it in a file located at /etc/docker/swarm/unlock.key.

We would run the docker swarm unlock-key --rotate command on one manager node. This command will automatically rotate the key and handle all orchestration between nodes.

Which of the following scenarios would still allow the quorum to complete maintenance in a swarm cluster? (Choose two) A 3-node cluster with 2 nodes down. A 7-node cluster with 3 nodes down. A 4-node cluster with 2 nodes down. A 3-node cluster with 1 node down.

A 7-node cluster with 3 nodes down. "More than half of the nodes are still up, so the quorum is maintained in this scenario." A 3-node cluster with 1 node down. "More than half of the nodes are still up, so the quorum is maintained in this scenario."

Which of the following commands will allow us to add a label to a Docker Swarm node? docker node update --label-add docker node tag docker node update --labels docker label add

docker node update --label-add "This command will add a label to the node."

Which devicemapper mode should we use for a production environment? loop-lvm direct-lvm block storage overlay2

direct-lvm "We should use direct-lvm mode in a production environment."

Which of the following commands may result in the creation of a new named volume? docker run -v my-vol:/tmp nginx docker run -v /my-vol:/tmp nginx docker run -v /my-vol:/tmp:create nginx docker run --mount source=/my-vol,destination=/tmp nginx

docker run -v my-vol:/tmp nginx "This command will create a new volume called my-vol if one does not already exist under that name."

Which of the following is true of filesystem storage models? (Choose two) They are efficient with write-heavy workloads. They store data in regular files on the host machine. They use an external, object-based store. They are used by overlay2 and aufs. The overlay2 and aufs storage drivers both use filesystem storage models.

- They store data in regular files on the host machine. "Filesystem storage models simulate a file system and store the data in regular files onto the host machine." - They are used by overlay2 and aufs. "The overlay2 and aufs storage drivers both use filesystem storage models."

Which of the following commands would we use to retrieve a list of volumes on the current machine? docker volume ps docker volume rm docker volume ls docker volume inspect

docker volume ls "This command will return a list of volumes on the current machine."

Which of the following commands can we use to locate the actual files that store a container's internal data? docker volume ls docker container inspect docker image inspect docker container volume ls

docker container inspect "This command will return the container metadata, including the location of its data on the host."

When creating a container, how would we specify that the container should be attached to an existing network called my-network? We can use docker run --network-alias web nginx. We can use docker run -n my-network nginx. We can use docker run --attach my-network nginx. We can use docker run --network my-network nginx.

We can use docker run --network my-network nginx. "This command will attach the container to an existing network called my-network."

Which component of the Docker Container Networking Model (CNM) is responsible for allocating IP addresses within Docker networks? A Docker Swarm manager is responsible. The Docker network is responsible. The network driver is responsible. The IP Address Management (IPAM) Driver is responsible.

The IP Address Management (IPAM) Driver is responsible. "The IPAM driver handles IP allocation"

When creating an overlay network, what flag can we use to allow containers to attach to the network after it is created? --attachable --network-driver attachable --open true --attach=true

--attachable "After the creation of the overlay network, the --attachable flag will allow containers to attach to the network."

Which of the following commands will publish a service's port, but only on nodes that are running a task for that service? docker service create -p mode=ingress,published=8082,target=80 nginx docker service create -p 8080:80 nginx docker service create -p 8080:80 --mode host nginx docker service create -p mode=host,published=8082,target=80 nginx

docker service create -p mode=host,published=8082,target=80 nginx "Host publishing mode only publishes ports on nodes that are running a task for the service."

Which of the following tasks can we perform to set a custom DNS server for a container? We can use the --nameserver flag with docker run. We can use the --dns flag with docker run. We can set "dns" in /etc/docker/daemon.json. We can use the --dns-override flag with docker run.

We can use the --dns flag with docker run. "This method would allow us to set a custom DNS server for the container."

Which of the following is a valid method that we can use for setting the default DNS server for all containers on a host? We can use docker config set dns. We can use the --dns flag with docker run. We can set "dns" in /etc/docker/daemon.json. We can edit the /etc/hosts file on the host.

We can set "dns" in /etc/docker/daemon.json. "This method will set the default DNS for all containers on the host."

What component of the Docker Container Networking Model (CNM) refers to a collection of endpoints that can communicate with one another? Network Network device IP Address Management (IPAM) Driver Sandbox

Network A network is a bridge that allows endpoints plus containers to communicate with one another.

Which of the following is true of a service that has a port published in ingress mode? The service will listen on all nodes on the cluster. The service will only listen on a manager. The service will only listen on worker nodes that are running the service's tasks and manager nodes. The service will only listen on nodes that are running tasks associated with the service.

The service will listen on all nodes on the cluster. "With ingress mode services listen on all nodes in the cluster."

Which of the following statements about grants in the Universal Control Plane (UCP) is accurate? Each grant refers to one or more roles. A grant provides permissions concerning precisely one object. Grants can give permissions to a user, team, or organization. Grants give permissions to a subject, which consists of a user, team, or organization. For each user, only one grant may be assigned.

Grants can give permissions to a user, team, or organization. "Grants give permissions to a subject, which consists of a user, team, or organization."

Tracy has a Docker Trusted Registry (DTR), and her development team has been mistakenly overwriting images in a repository by pushing a different image with an existing tag. How can she prevent this from happening? Tracy can remove the team's access to the registry. Tracy can make the repository private. Tracy can back up the registry. Tracy can mark the repository as immutable.

Tracy can mark the repository as immutable. "Marking the repository as immutable will prevent her team from overwriting existing tags."

What is the name of Docker feature that enables us to sign images and verify image signatures before running them? Docker Image Trust Docker registry Docker Content Trust Docker Trusted Registry

Docker Content Trust "Docker Content Trust allows us to sign images and verify signatures before running them."

How can we provide custom certificates to the Universal Control Plane (UCP) and Docker Trusted Registry (DTR)? We must supply the certificates during the UCP and DTR installation process. We can push new certificates via the UCP web API. We can upload certificates via the UCP and DTR web UIs. docker ucp config --cert

We can upload certificates via the UCP and DTR web UIs. "We can upload certificates in the administrative settings section for both UCP and DTR."

How can you enable Docker Content Trust (DCT) in Docker Community Edition (CE)? Set the CONTENT_TRUST environment variable to 1. Set the DOCKER_CONTENT_TRUST environment variable to 1. Set "content-trust": true in /etc/docker/daemon.json. Pass the --content-trust flag to dockerd.

Set the DOCKER_CONTENT_TRUST environment variable to 1. Setting this environment variable to 1 will enable DCT.

Which command allows us to create an encrypted overlay network? docker network create --opt encrypted my-net docker network create --opt encrypted --driver overlay my-net docker network create --encrypted --driver overlay my-net docker network create --secure --driver overlay my-net

docker network create --opt encrypted --driver overlay my-net "This command will create an encrypted overlay network."

What is an easy way to configure a client to communicate with Universal Control Plane (UCP) using client certificates? We can execute the docker login command. docker ucp login We can log into UCP via a browser. We can download and use a client bundle.

We can download and use a client bundle. "Client bundles provide client certificates for authenticating with UCP."

Given Docker's architecture and built-in security features, which of the following security scenarios should we be concerned about the most? If an attacker gains control of a container, they could use it to affect other containers on the same host directly. An attacker may intercept swarm-level traffic between swarm nodes and obtain sensitive information from the data. If an attacker gains access to the Docker daemon, they could use it to execute commands as root on the host. An attacker could set up a false machine under their control and join it to the swarm cluster to steal sensitive data, causing containers with sensitive data to execute on a fake device.

If an attacker gains access to the Docker daemon, they could use it to execute commands as root on the host. The Docker daemon must run as root, so it is essential to ensure that it's being protected and has limited access to it.

Which statements best describes Docker Enterprise? Docker Enterprise provides a consistent and secure end-to-end application pipeline, choice of tools and languages, and globally consistent Kubernetes environments that run in any cloud. Docker Enterprise enables deploying highly available workloads using Docker Swarm only. Docker Enterprise automates many of the tasks that orchestration requires, like provisioning pods, containers, and cluster resources. Self-healing components ensure that Docker Enterprise clusters remain highly available.

Docker Enterprise provides a consistent and secure end-to-end application pipeline, choice of tools and languages, and globally consistent Kubernetes environments that run in any cloud. Docker Enterprise automates many of the tasks that orchestration requires, like provisioning pods, containers, and cluster resources. Self-healing components ensure that Docker Enterprise clusters remain highly available.

Which of the below statements are true? Docker CE or Docker Community Edition is the open-source and free version of Docker. Docker CE needs a license key (or) file to activate it. Both Docker Community Edition and Docker Enterprise Edition have the same core features and functions. Docker Enterprise Edition comes with additional support for IT teams to build, share and run business-critical applications at scale. The only difference between Docker CE and Docker EE is that Docker EE comes with a dedicated support team

Docker CE or Docker Community Edition is the open-source and free version of Docker. Both Docker Community Edition and Docker Enterprise Edition have the same core features and functions. Docker Enterprise Edition comes with additional support for IT teams to build, share and run business-critical applications at scale.

Docker Engine Enterprise is a hardened and secure version of Docker Engine. True False

True

Which of the following are the features of Docker Enterprise Edition? ``` Security & Access Control Universal Control Plane & Trusted Registry Source Code Management Docker Swarm Service Kubernetes Service ```

Security & Access Control Universal Control Plane & Trusted Registry Docker Swarm Service Kubernetes Service

Docker Enterprise cluster can only be provisioned on public cloud platforms. True False

False

You can download your Docker EE license by navigating to the “My Content” page on Docker Store. True False

True

…. is the enterprise-grade cluster management platform from Docker. You install it on-premises or in your virtual private cloud, and it helps you manage your Docker cluster and applications through a single interface. Universal Control Plane (UCP) Docker Enterprise Edition Docker Community Edition Docker Trusted Registry (DTR)

Universal Control Plane (UCP)

… is a combination of multiple enterprise-grade tool sets which include Docker Engine Enterprise as well as container orchestration and registry tools. Universal Control Plane (UCP) Docker Enterprise Edition Docker Community Edition Docker Trusted Registry (DTR)

Docker Enterprise Edition

… is the enterprise-grade image storage solution from Docker. You install it behind your firewall so that you can securely store and manage the Docker images you use in your applications. Universal Control Plane (UCP) Docker Enterprise Edition Docker Community Edition Docker Trusted Registry (DTR)

Docker Trusted Registry (DTR)

Docker EE license subscription includes …. product. Universal Control Plane (UCP) Docker Trusted Registry (DTR) Docker Engine – Enterprise with enterprise-grade support Docker Engine – Community Edition

Universal Control Plane (UCP) Docker Trusted Registry (DTR) Docker Engine – Enterprise with enterprise-grade support

…. is one of the system requirements for UCP. The nodes must be Linux Kernel version 3.10 or higher Each node must be configured with a static ip address User namespaces should not be configured on any node all nodes must have Docker Engine Enterprise installed

The nodes must be Linux Kernel version 3.10 or higher Each node must be configured with a static ip address User namespaces should not be configured on any node all nodes must have Docker Engine Enterprise installed

User namespaces should not be configured on any node as they are not currently supported in UCP. True False

True

With …, you can manage all of the computing resources you have available, like nodes, volumes, and networks from a centralized place. Universal Control Plane (UCP) Docker Enterprise Edition Docker Community Edition Docker Trusted Registry (DTR)

Universal Control Plane (UCP)

DTR is highly available through the use of multiple replicas of all containers and metadata such that if a machine fails, DTR continues to operate and can be repaired. True False

True

Docker enterprise is the only platform that supports both Docker swarm and Kubernetes on the same cluster. True False

True

Which command can be used to verify the installed docker is a CE or EE? docker container ls docker version docker --version None of the above

docker version

Which of the following need to be installed in order to provision the Docker EE infrastructure? Docker Enterprise Engine should be installed on every node inside your Docker EE setup A MongoDB database should be pre-provisioned prior to installing Docker EE Install the Universal Control Plane (UCP) Install the Docker Trusted Registry (DTR)

Docker Enterprise Engine should be installed on every node inside your Docker EE setup Install the Universal Control Plane (UCP) Install the Docker Trusted Registry (DTR)

Which of the following are the major components of Docker Engine – Enterprise? A server which is a type of long-running program called a daemon process (the dockerd command). A REST API which specifies interfaces that programs can use to talk to the daemon and instruct it what to do. A command-line interface (CLI) client (the docker command).

A server which is a type of long-running program called a daemon process (the dockerd command). A REST API which specifies interfaces that programs can use to talk to the daemon and instruct it what to do. A command-line interface (CLI) client (the docker command).

Docker Engine – Enterprise can only be installed on linux distros. True False

False

To install Docker Enterprise, you will need the URL of the Docker Enterprise repository associated with your trial or subscription. True False

True

Which command can be used to start the docker ee service on a systemctl configured system? sudo systemctl start docker-ee sudo systemctl start docker sudo systemctl docker start sudo systemctl docker-ee start

sudo systemctl start docker

What is the command to show the installed version of “Docker Enterprise” Server and Client? docker version docker --version docker -V docker -v

docker version

Which of the below statements best describe the Universal Control Plane (UCP)? UCP manages your Docker cluster and applications through a single interface. Universal Control Plane (UCP) is the enterprise-grade cluster management solution from Docker. UCP stores and manages images used by applications UCP has its own built-in authentication mechanism and integrates with LDAP and AD services.

Universal Control Plane (UCP) is the enterprise-grade cluster management solution from Docker. UCP has its own built-in authentication mechanism and integrates with LDAP and AD services.

UCP provides a simple and easy-to-use GUI to manage your applications. True False

True

Which of the following features does UCP provide? Centralized Cluster Management Deploy, manage and monitor workload Built-in security and access control Issue Tracker Source Code Management

Centralized Cluster Management Deploy, manage and monitor workload Built-in security and access control

What are the minimum hardware requirements to install UCP? 4GB RAM, 2vCPUs and 10GB disk space for the /var partition for manager nodes, 2GB RAM and 500MB disk space for the /var partition for worker nodes 8GB RAM, 2vCPUs and 10GB disk space for the /var partition for manager nodes, 4GB RAM and 500MB disk space for the /var partition for worker nodes 8GB RAM, 2vCPUs and 10GB disk space for the /var/lib/docker partition for manager nodes, 4GB RAM and 500MB disk space for the /var/lib/docker partition for worker nodes 4GB RAM, 2vCPUs and 10GB disk space for the /var/lib/docker partition for manager nodes, 2GB RAM and 500MB disk space for the /var/lib/docker partition for worker nodes

8GB RAM, 2vCPUs, and 10GB disk space for the /var partition for manager nodes 4GB RAM and 500MB disk space for the /var partition for worker nodes

Which of the following are the prerequisites to install UCP for linux? The nodes must be Linux Kernel version 3.10 or higher. Each node must be configured with a static ip address. Ensure they are configured with an NTP server to sync time. User namespaces should be configured on every node. All nodes must have Docker Engine Enterprise installed.

The nodes must be Linux Kernel version 3.10 or higher. Each node must be configured with a static ip address. Ensure they are configured with an NTP server to sync time. All nodes must have Docker Engine Enterprise installed.

Which of the following are the components deployed on the manager node by UCP? ``` ucp-controller ucp-metric ucp-proxy ucp-auth-api ucp-agent ```

ucp-controller ucp-auth-api

Which of the following are the components deployed by UCP on worker nodes? ucp-agent ucp-metric ucp-proxy ucp-auth-api

ucp-agent ucp-proxy

Which of the following steps are required to add a worker node to a UCP cluster? Make sure Docker EE is up and running and Pull the UCP image from the registry Set the Admin Username and Password for UCP Console Login to the Browser and provide the downloaded Docker EE License Add more managers and workers as per requirement

Make sure Docker EE is up and running and Pull the UCP image from the registry Set the Admin Username and Password for UCP Console Login to the Browser and provide the downloaded Docker EE License Add more managers and workers as per requirement

UCP works with Docker swarm under the hoods. True False

True

When a new node is added to the cluster the ucp-agent is deployed there and it automatically configures the node to work with UCP. True False

True

UCP has its own built-in authentication mechanism and integrates with LDAP and AD services. True False

True

When UCP is deployed it creates a replicated service called ucpagent. True False

False

When a new node is added to the cluster, an ucp-agent is deployed there. True False

True

Which component is responsible to serve the UCP components such as the web ui, the authentication api,metrics server, proxy and data stores used by UCP in the form of containers? UCP Agent Docker Enterprise Edition Docker Community Edition Docker Trusted Registry (DTR)

UCP Agent

We can interact with UCP from the GUI only. True False

False

One of the prerequisites to install the UCP is make sure that the Docker CE is up and running. True False

False

Which of the following steps are required to add a worker node? Provision a node and Install Docker enterprise engine on it. Run the docker swarm join command to join the new node to the cluster. Deploy an instance of the ucp-agent on the new node. ucp-agent then installs the necessary components on the worker node.

Provision a node and Install Docker enterprise engine on it. Run the docker swarm join command to join the new node to the cluster. ucp-agent then installs the necessary components on the worker node.

The ucp-agent installs the necessary components on the worker node automatically after a new node joins the cluster. True False

True

ucp-agent is configured as a global service. True False

True

Docker Trusted Private Registry stores Docker Images in a highly secure manner with additional features like Image signing, and Image scans etc. True False

True

Which of the following statements best describe Docker Trusted Registry (DTR)? Docker Trusted Registry (DTR) is Mirantis’s enterprise-grade image storage solution. Images stored on DTR can only be accessed from within the Docker EE Cluster DTR provides a secure environment on which users can store and manage Docker images. DTR should be installed only on a worker node that is managed by UCP

Docker Trusted Registry (DTR) is Mirantis’s enterprise-grade image storage solution. DTR provides a secure environment on which users can store and manage Docker images. DTR should be installed only on a worker node that is managed by UCP

What are the features of Docker Trusted Registry (DTR)? Built-in Access Control Image and Job Management Automated image builds Security Scanning Dockerfile management in SCM Image Signing

Built-in Access Control Image and Job Management Security Scanning Image Signing

What is a recommended approach to deploying DTR? Deploy a single instance of DTR. Deploy at least 2 instances of DTR to support high availability. Deploy at least 3 instances of DTR to support high availability.

Deploy at least 3 instances of DTR to support high availability.

DTR is able to reduce the bandwidth used when pulling Docker images by caching images closer to users. True False

True

Docker Trusted Registry (DTR) is a containerized application that runs on a Docker Universal Control Plane cluster. True False

True

To install DTR, all nodes must _______ and ____________. Be a worker node managed by UCP Be a manager node managed by UCP Have a fixed hostname Have at least 200 GB of disk space

Be a worker node managed by UCP Have a fixed hostname

What are the minimum hardware requirements to install DTR? 4GB RAM, 2vCPUs, and 200GB of free disk space. 8GB RAM, 2vCPUs, and 200GB of free disk space. 16GB RAM, 2vCPUs, and 10GB of free disk space. 8GB RAM, 2vCPUs, and 10GB of free disk space.

16GB RAM, 2vCPUs, and 10GB of free disk space.

What are the recommended hardware requirements to install DTR? 16GB RAM, 2vCPUs and 100GB of free disk space. 16GB RAM, 4vCPUs and 25-100GB of free disk space. 8GB RAM, 4vCPUs and 25-100GB of free disk space. 8GB RAM, 2vCPUs and 100GB of free disk space.

16GB RAM, 4vCPUs, and 25-100GB of free disk space.

DTR and UCP must be installed on the same node. True False

False

DTR also supports RBAC for access control. True False

True

… is a private image registry/repository that can be deployed within your organization to store images securely. DTR UCP UCP Agent None of the above

DTR

DTR can only be installed on-premises, and not on virtual private cloud. True False

False

DTR has a web user interface that allows authorized users in your organization to browse Docker images and review repository events. True False

True

Which image is used to deploy the dtr? dtr docker/dtr ucp docker/ucp

docker/dtr

What is the type and the name of the network of the DTR deployment? overlay/dtr overlay/dtr-ol bridge/dtr bridge/dtr-ol

overlay/dtr-ol

By default, the docker registry stores the images you push to it in an NFS shared storage. True False

False

You can interact with the UCP either through the UCP GUI Console or through the CLI. True False

True

Which of the following statements are true about deploying workload via GUI on UCP Cluster? The Docker swarm section in the UI helps create swam services by specifying the image details, scheduling, network, environment, resource, and logging configuration. UCP only supports deploying workloads on Docker Swarm UCP only supports deploying workloads on External Kubernetes Clusters The Kubernetes section in the UI helps create Kubernetes objects such as PODs, services, ingress, controllers such as replicasets, deployments, daemonsets, statefulsets, job or cron jobs as well as service accounts or storage.

The Docker swarm section in the UI helps create swam services by specifying the image details, scheduling, network, environment, resource, and logging configuration. The Kubernetes section in the UI helps create Kubernetes objects such as PODs, services, ingress, controllers such as replicasets, deployments, daemonsets, statefulsets, job or cron jobs as well as service accounts or storage.

Which of the following statements are true about deploying workload via CLI on UCP Cluster? With CLI you may use the docker command-line interface to interact with the UCP cluster. CLI access doesn't require authentication to the UCP Cluster. CLI access requires authentication to the UCP Cluster. Download the certificate from UCP Console and copy this over to the server from where you’d like to access and extract it to a path.

With CLI you may use the docker command-line interface to interact with the UCP cluster. CLI access requires authentication to the UCP Cluster. Download the certificate from UCP Console and copy this over to the server from where you’d like to access and extract it to a path.

You can interact with the UCP through the CLI. True False

True

DCA Flashcards

(500 cards)