A) docker commit
B) docker tag
C) docker push
D) docker images
E) docker pull
2. Which network allows Docker Trusted Registry components running on different nodes to communicate and replicate Docker Trusted Registry data?
A) dtr-ol
B) dtr-hosts
C) dtr-br
D) dtr-vlan
A) docker service create —mode global
B) docker swarm create —mode global
C) docker service create —global
D) docker swarm create —global
4. Which of the following is not an endpoint exposed by Docker Trusted Registry that can be used to assess the health of a Docker Trusted Registry replica?
A) /health
B) /nginx_status
C) /api/v0/meta/cluster_status
D) /replica_status
5. Which of the following endpoints exposed by Docker Trusted Registry can be used to assess the health of a Docker Trusted Registry replica?
A) /health
B) /api/health
C) /replica_status
D) /nginx/health
6. One of your developers is trying to push an image to the registry (dtr.example.com). The push fails with the error “denied: requested access to the resource is denied”. What should you verify the user has completed?
A) docker login -u <username> -p <password> dtr.example.com
B) docker registry login -u username -p <password> dtr.example.com
C) docker push <username>/<image:tag> dtr.example.com
D) docker images login -u <username> -p <password> dtr.example.com
7. You have been asked to backup the swarm state on a Linux installation. By default, where do Docker manager nodes store the swarm state and manager logs?
A) /var/run/docker/swarm
B) /var/lib/docker/swarm
C) /etc/docker/swarm
D) /run/docker/swarm
A) echo '{"debug": true}' > /var/lib/docker/daemon.json ; sudo kill -HUP <pid of
dockerd>
B) echo '{"debug": true}' > /etc/docker/config.json ; sudo kill -HUP <pid of
dockerd>
C) echo '{"debug": true}' > /var/lib/docker/config.json ; sudo kill -HUP <pid of
dockerd>
D) echo '{"debug": true}' > /etc/docker/daemon.json ; sudo kill -HUP <pid of
dockerd>
A) docker service create --replicas 4 --name myservice nginx
B) docker service create --instances 4 --name myservice nginx
C) docker service scale myservice=4 nginx
D) docker service scale --replicas 4 --name myservice nginx
10. You are using self-signed UCP certs and have a second DNS name that points to your internal controllers. When installing UCP, which flag should you use to add this additional name?
A) --internal-server-cert
B) --dns
C) --san
D) --external-server-cert
A) \*\*.pyc
B) \*_/_.pyc
C) \*.pyc
D) /\*.pyc
12. Bob has configured his docker daemon to use syslog log driver by default. how can he run a container which uses son-file log driver?
A) By using “—log-opt-json-file along with the docker run
B) By using “—log-driver json-file” along with docker run
C) By using “—logger json-file” along with docker run
D) Its impossible
A) docker network ls
B) docker info network
C) docker network info
D) docker network inspect
14. You want to ensure that a container doesn’t expect memory usage than a specified amount. Which of the following will be used by default by docker to achieve that ?
A) namespaces
B) selinux
C) cgroups
D) seccomp
15. Which of the following lvm mode should a production host using the devicemapper as a storage driver use?
A) loop-vm
B) overlay
C) direct-lvm
D) zfs
A) swarm, ucp , dtr
B) dtr, ucp, swarm
C) ucp, dtr , swarm
D) swarm, dtr, ucp
17. Which of the following commands can take a tar file as an argument and add the extracted content into the image automatically?
A) COPY
B) ADD
C) ADD and COPY both
D) None of these
18. You want to get shell access into a running container with id. Which command should you use for it?
A) docker exec
B) docker ps
C) docker run
D) docker bash
A) 2377
B) 7946
C) 2377 and 7946
D) 2388
20. Docker content trust policy provides the ability to use __ for verifying integrity and the publisher of all the data received from a registry over any channel
A) end to end encryption
B) digital signatures
C) symmetric key encryption
D) a container
A) Secrets are encrypted during transit and also at rest
B) Secrets are available to swarm services and standalone container
C) Secrets are mounted in container’s filesystem directly
D) Secrets can be used for storing username and password
22. A global service is a service that runs ____ task/tasks on every node that meet the placement and resource constraints
A) Many
B) one
C) more than one
D) none
A) Image is a collection of immutable layers whereas container is a running instance of an image
B) Container can exist without the image but image cannot exist without container
C) Only one container can be spawned from a given image at a time
D) If multiple containers are spawned from the same image then they all use the same copy of image in memory
A) True
B) False
A) Docker CLI bundles and Docker web UI bundles
B) Ops client bundles and dev client bundles
C) Docker UCP client bundles and DTR client bundles
D) Admin user certificate bundles and user certificate bundles
A) True
B) False
27 Docker security scan can be started by all users including those with read-only access. True or false?
A True
B False
A) export TRUST_DOCKER_CONTENT=1
B) export TRUST_DOCKER_IMAGE=1
C) export SIGN_DOCKER_IMAGE=1
D) export DOCKER_CONTENT_TRUST=1
A) Certificate
B) Role
C) Subject
D) Resource collection
A) Docker Machine
B) Universal Control Plane
C) Docker Compose
D) Docker Trusted Registry
A) You can configure Docker’s trust features so that your users can push and pull trusted images
B) You can use certificate-based client-server authentication to verify a Docker daemon has the rights to access images on a registry
C) You can configure secure computing mode (Seccomp) policies to secure system calls in a container
D) You can protect the Docker daemon socket and ensure only trusted Docker client connections
A) Configure Notary client
B) Delegate signing to the keys in your UCP client bundle
C) Initialize trust metadata for the repository
D) Approve image sign on UCP
A) Docker Machine
B) Docker Trusted Registry
C) Docker Compose
D) Universal Control Plane
A) ucp-agent service automatically starts serving all UCP components in manager node, and only a proxy service in worker node
B) ucp-agent service automatically starts serving all UCP components in worker node, and only a proxy service in manager node
A) json
B) xml
C) html
D) yaml
A) replicated and global services
B) distributed and replicated services
C) local and global services
D) replicated and local services
A) To inspect changes to files or directories on a container's filesystem
B) To manage Docker configs
C) To display system-wide information
D) To return low-level information on Docker objects
A) docker swarm --autolock=true
B) docker swarm update --autolock=true
C) docker swarm autolock
D) docker swarm update --autolock-swarm=true
A) Number of identical tasks can be specified for a replicated service. There is no pre-specified number of tasks for global service.
B) Replicated service can only be deployed on manager node. Global service can be deployed on both manager and worker node.
C) Replicated service runs one task on every node. Global service runs multiple task on every node.
D) Good candidates for replicated service are monitoring agents that you want to run on every node in the swarm. Good candidates for global service are http servers.
40 Which network driver type is best when the network stack should not be isolated from the Docker host, but you want other aspects of the container to be isolated?
A) User-defined bridge networks
B) Overlay networks
C) Host networks
D) Macvlan networks
-
C.
https://docs.docker.com/engine/reference/commandline/push/ -
A.
https://success.docker.com/article/how-to-test-the-dtr-ol-network
-
A.
Refer to the cli documentation https://docs.docker.com/engine/reference/commandline/service_create/ -
D.
-
A.
-
A.
-
B.
-
D.
-
A.
-
C.
-
B.
https://codefresh.io/docker-tutorial/not-ignore-dockerignore/ -
B.
-
D.
https://docs.docker.com/engine/reference/commandline/network_inspect/ -
C.
-
C.
Is meant to be used in production environment. -
A.
ucp - universal control plane dtr - docker trust registry swarm - nodes with manager https://docs.docker.com/ee/ucp/admin/backups-and-disaster-recovery/ -
B.
https://nickjanetakis.com/blog/docker-tip-2-the-difference-between-copy-and-add-in-a-dockerile -
A.
docker exec -it bash is the command which you should use i stand for interactive and t stand for shell
-
B.
-
B.
Secrets can be used only by swarm service not standalone https://docs.docker.com/engine/swarm/secrets/ -
B.
https://docs.docker.com/engine/swarm/services/#replicated-or-global-services -
A and D
-
A.
Overlay networks can’t exist if docker engine is not part of a swarm. So to create overlay network being a manager node in a swarm is a necessary condition. If we try creating overlay network from a non manager node we get the following error$ docker network create -d overlay network test.network Error response from daemon. Cannot create a multi host network from a worker node.Please create the network from a manager node.
-
D.
Reference: https://docs.docker.com/datacenter/ucp/2.2/guides/user/access-ucp/cli-based-access/
-
B.
-
B.
-
D.
Reference: https://docs.docker.com/datacenter/dtr/2.3/guides/user/manage-images/sign-images/
-
C & D.
Reference: https://docs.docker.com/datacenter/ucp/2.2/guides/access-control/grant-permissions/
-
B.
Reference: https://docs.docker.com/datacenter/ucp/2.2/guides/access-control/
-
A , B , C, D.
Reference: https://docs.docker.com/engine/security
-
A , B , C.
-
D.
https://docs.docker.com/datacenter/ucp/2.2/guides/admin/configure/external-auth/
-
A.
https://docs.docker.com/datacenter/ucp/2.2/guides/architecture/#under-the-hood
-
A.
-
A.
-
D.
-
B.
-
A.
-
C.