DCA Flashcards
What are the components of Docker Engine?
- REST API, Docker Daemon
- Images, Containers, Volumes
- Docker CLI, Docker Daemon, REST API
Docker CLI, Docker Daemon, REST API
What component of the docker engine manages the images, containers, volumes, and networks on a host?
- REST API
- Docker Daemon
- Docker CLI
Docker Daemon
What component of the Docker architecture is responsible for managing containers on Linux on version 1.15 of Docker Engine?
- LibContainer
- Docker API
- LXC
LibContainer
We can run containers without installing Docker?
- True
- False
True
Which component is responsible for keeping the containers alive when the Docker Daemon goes down?
- LibContainer
- Runc
- Containerd
- Containerd-Shim
Containerd-Shim
What are the primary objects that Docker engine manages?
- RunC
- LibContainer
- Images, Containers, Volumes, Networks
- Images, Containers, Volumes, Networks
By default, data stored inside the container is always persistent?
- True
- False
False
By default, Docker is configured to look for images on Google Cloud Registry?
- True
- False
False
Which component is a read-only template used for creating a Docker container?
- Docker Network
- Docker Images
- Container
- Docker volume
Docker Images
What is the default data directory for Docker?
- /var/lib/docker
- /var/log/docker
- /etc/docker
- /home/docker
/var/lib/docker
What does OCI stand for?
- Open Communication Initiative
- Open Container Initiative
- Open Command Interface
- Open Container Interface
Open Container Initiative
What are the 2 specifications from OCI?
- container-spec
- runtime-spec
- image-spec
- oci-spec
- libcontainer-spec
- runtime-spec
- image-spec
What is the command to view the version of docker engine installed?
- docker –version
- docker version
- docker engine info
- docker info engine
docker version
What is the command to start docker daemon manually?
- docker
- dockerd
- docker-engine
- docker –start-engine
dockerd
On what interfaces are the docker daemon made available by default?
- TCP socket
- UDP socket
- Unix socket
- 192.168.1.10
Unix Socket
What is the port conventionally used to configure un-encrypted traffic on TCP?
- 2345
- 2346
- 2375
- 2376
2375
What file is used to configure the docker daemon?
- /var/lib/docker/docker.conf
- /var/lib/docker/daemon.json
- /etc/docker/daemon.json
- /etc/docker/daemon.conf
- /etc/docker/daemon.json
What flags are used to configure encryption on docker daemon?
- tlsverify, tlscert, tlskey
- tlsverify, key, cert
- key, cert, tls
- host, key, cert, tls
tlsverify, tlscert, tlskey
What is the default network driver used when a container is created?
- overlay
- bridge
- none
- host
bridge
What is the command used to list the running containers on the Docker Host?
- docker container ls
- docker container start
- docker container stop
- None of the above
docker container ls
Which of the below commands create a container with nginx image and name nginx?
- docker container create nginx –name nginx
- docker container –name nginx nginx
- docker container run nginx
- docker container create –name nginx nginx
docker container create –name nginx nginx
How to list all running and stopped containers and their status?
- docker container ls
- docker container ls -a
- docker container ls -aq
- docker container ls -q
docker container ls -a
How to start a stopped Container?
docker container start nginx
How do I get only the IDs of running containers?
docker container ls -q
What is the option used in docker run command to attach to the terminal of the container in an interactive mode?
-it
What is the command to change the container name “httpd” to “webapp”?
- docker container rename httpd webapp
- docker container rename webapp httpd
- docker container replace –name httpd webapp
- docker container create –name webapp httpd
docker container rename httpd webapp
What is the command to run a “nginx” container in a detached mode with name “webapp”?
- docker container run -it –name webapp nginx
- docker container run -it –name nginx webapp
- docker container run -d –name webapp nginx
- docker container run -d –name nginx webapp
docker container run -d –name webapp nginx
You cannot start a killed container?
- True
- False
False
Delete the stopped container named “webapp”.
- docker container delete webapp
- docker container remove webapp
- docker container kill webapp
- docker container rm webapp
docker container rm webapp
Run a container called webapp with image nginx, and in an interactive mode.
- docker container run -it nginx
- docker container run -it nginx –name webapp
- docker container run nginx
- docker container run -it –name webapp nginx
- docker container run -it –name webapp nginx
Which combination of keys are used to escape from the shell and keep the container webapp running?
- Ctrl + c
- Ctrl+p+q
- exit, Ctrl+p+q
- Ctrl+c,exit
Ctrl+p+q
Which combination of keys are used to exit from the shell and stop the container webapp?
- Ctrl+c
- Ctrl+p+q
- Ctrl+p
- Ctrl+z
Ctrl+c
You have a running container and want to execute a command inside it. Which command will you use?
- execute
- run
- start
- exec
exec
We deployed a container called webapp. Inspect this container to get the IPPrefixLen
- docker container inspect webapp | grep IPPrefixLen
- docker container top webapp | grep IPPrefixLen
- docker container run webapp | grep IPPrefixLen
- docker container logs webapp | grep IPPrefixLen
docker container inspect webapp | grep IPPrefixLen
We have deployed some containers. What command is used to get the container with the highest memory?
- docker container stats
- docker container status
- docker container top
- docker container ls
docker container stats
How to display the running processes inside the container?
- docker container top container-name
- docker container stats container-name
- docker ps container-name
- docker container logs container-name
docker container top container-name
You have a webapp container and image httpd.
Inspect the logs of the webapp container.
Which command is used to get the stream logs of the webapp container so that you can view the logs live?
docker container logs -f webapp
Which command returns only new and/or live events?
- docker system info
- docker container events
- docker container events -f
- docker system events
docker system events
Which command returns events since the paste 30 minutes?
- docker system events since 30m
- docker system events –since 30m
- docker container events –since 30m
- docker container events since 30m
docker system events –since 30m
Which command is used to get the events of the container named “webapp”? (This one is for you to read the documentation)
- docker system events since 10m
- docker system events –filter ‘container=webapp’
- docker system events –filter ‘image=webapp’
docker system events –filter ‘container=webapp’
Run a container named webapp with nginx image in detached mode. Select the right answer.
- docker container run –detach –name=webapp nginx
- docker container run –detach –name=nginx webapp
- docker container create -d –name=nginx webapp
- docker container create -d nginx
docker container run –detach –name=webapp nginx
Stop the container named “nginx”
- docker container halt nginx
- docker container stop nginx
- docker container rm nginx
- docker container pause nginx
docker stop container nginx
How do you list running & stopped containers?
- docker container ls -a
- docker container ls -q
- docker container ls
- docker container ls -q, docker container ls
docker container ls -a
Delete the “webapp” Container. Select the right answer.
- docker container delete webapp
- docker container remove webapp
- docker container kill webapp
- docker container rm webapp
docker container rm webapp
Stop all running containers on the host. Select the right answer.
- docker container stop $(docker container ls -a)
- docker container rm $(docker container ls -q)
- docker container stop $(docker container ls -q)
- docker container stop –all
docker container stop $(docker container ls -q)
Delete all running and stopped containers on the host. (Explore the documentation to identify an option to force remove running containers)
- docker container stop $(docker container ls -q)
- docker container rm $(docker container ls -q)
- docker container stop $(docker container ps -q)
- docker container rm -f $(docker container ls -aq)
docker container rm -f $(docker container ls -aq)
Which command is used to delete the stopped containers?
- docker container remove $(docker container ls -aq)
- docker container rm $(docker container ls -aq)
- docker container prune
- docker container rm –all
docker container prune
What is the command to pause a running container?
- docker container pause
- docker container –pause
- docker container halt
- docker container SIGSTOP
docker container pause
What are the signals sent to a running container when the docker container stop command is executed?
- SIGSTOP followed by SIGKILL
- SIGTERM followed by SIGKILL
- SIGKILL followed by SIGTERM
- SIGKILL followed by SIGSTOP
SIGTERM followed by SIGKILL
Run a container with image nignx, name nginx and hostname webapp.
- docker container run -d –name webapp –hostname=webapp nginx
- docker container run -d –name nginx webapp
- docker container run -d –name nginx –hostname=webapp nginx
- docker container run -d –name webapp nginx
docker container run -d –name nginx –hostname=webapp nginx
What is the hostname set on the container when the following command is run: docker container run -d –name webapp httpd
- webapp
- apache
- httpd
- containers unique id
containers unique id
What is the default restart policy?
- unless-stopped
- on-failure
- no
- always
no
Which policy would restart the containers even after the docker daemon is restarted?
- unless-stopped
- on-failure
- always
- always, unless-stopped
always
Which policy is used to restart a container unless it is explicitly stopped or Docker is restarted?
- unless-stopped
- on-failure
- no
- always
unless-stopped
Which command can be used to check the restart policy of webapp container?
- docker container inspect webapp
- docker container info webapp
- docker container check webapp
- None of above
docker container inspect webapp
Restart container unless it is explicitly stopped or Docker is restarted.
- unless-stopped
- on-failure
- no
- always
unless-stopped
Which command should be used to update the httpd container with the always policy?
- docker container update –restart always httpd
- docker container unpause –restart always httpd
- docker container upgrade –restart always httpd
docker container update –restart always httpd
Which command should be used to update all the running containers with unless-stopped policy?
- docker container upgrade –restart unless-stopped $(docker container ls -q)
- docker container update –restart unless-stopped $(docker container ls -q)
- docker container upgrade –restart unless-stopped $(docker container ls -aq)
- docker container update –restart unless-stopped $(docker container ls -aq)
docker container update –restart unless-stopped $(docker container ls -q)
Which option is used to reduce container downtime due to daemon crashes, planned outages, or upgrades?
- Restart Policy
- Swarm
- LIve Rest
Live Restore
What is the path file which is used to add the live restore?
- /etc/docker/daemon.json
- /var/lib/docker/daemon.json
- /var/log/docker/daemon.json
- /var/lib/docker
/etc/docker/daemon.json
How to enable the live restore setting to keep containers alive when the daemon becomes unavailable?
- echo ‘{“live-restore”: true}’»_space; /etc/docker/daemon.json
- echo ‘{“live-restore”: true}’»_space; /var/lib/docker/daemon.json
- echo ‘{true: “live-restore”}’»_space; /etc/docker/daemon.json
- echo ‘{true: “live-restore”}’»_space; /var/lib/docker/daemon.json
echo ‘{“live-restore”: true}’»_space; /etc/docker/daemon.json
Which of the below commands may be used to copy a file /web.conf from a container named webapp with id 89683681 to the /tmp directory on the host?
- docker container cp /tmp/web.conf webapp:/etc/web.conf
- docker container cp webapp:/web.conf /webapp
- docker container cp 89683681:/web.conf /tmp/
- docker container cp webapp:/web.conf /tmp/
docker container cp webapp:/web.conf /tmp/
Copy the /etc/nginx directory from the webapp container to the docker host under /tmp/.
- docker container copy webapp:/etc/nginx /tmp/
- docker container cp webapp:/etc/nginx /tmp/
- docker container copy /tmp/ webapp:/etc/nginx
- docker container cp /tmp/ webapp:/etc/nginx
docker container cp webapp:/etc/nginx /tmp/
What is the command to copy the file /root/myfile.txt from the host to /root/ of the webapp container?
- docker container copy /root/myfile.txt webapp:/root/
- docker container cp /root/myfile.txt webapp:/root/
- docker container copy webapp:/root/ /root/myfile.txt
- docker container cp webapp:/root/ /root/myfile.txt
docker container cp /root/myfile.txt webapp:/root/
We can copy a file from a stopped container?
- True
- False
True
Data inside a container is persistent?
True
False
False
You can run multiple instances of the same application on the docker host?
True
False
True
You can map the same port on the Docker host more than once?
False
Which option could be used to expose a webapp container to the outside world?
- p
- P
- -publish
- -expose
- p
- P
- -publish
Map TCP port 80 in the container to port 8080 on the Docker host for connections to host IP 192.168.1.10 . Select the all right answers
- p 192.168.1.10:8080:80
- p 192.168.1.10:80:8080
- p 192.168.1.10:8080:80/tcp
- p 192.168.1.10:8080:8080
-p 192.168.1.10:8080:80
Unless specified otherwise, docker publishes the exposed port on all network interfaces.
- True
- False
True
Map UDP port 80 in the container to port 8080 on the Docker host.
-p 8080:80/udp
-p 80:8080/udp
-P 8080:80/udp
None of the above
-p 8080:80/udp
How does the -P option in the docker container run command know what ports to publish on the container?
- It identifies the ports listening inside the container using netstat command
- It uses the ExposedPorts field set on the container or the EXPOSE instruction in the Dockerfile
- It requires the –expose command line argument
- It assigns random ports between 32768 and 61000
It uses the ExposedPorts field set on the container or the EXPOSE instruction in the Dockerfile
How does docker map a port on a container to a port on the host?
- Using an internal load balancer
- FirewallD Rules
- Using an external load balancer
- IPTables Rules
IPTables Rules
What IPTables chains does Docker modify to configure port mapping on a host?
- INPUT
- FORWARD
- DOCKER
- OUTPUT
DOCKER
How to check the logs of the docker daemon?
- journalctl -u docker.service
- less /var/log/messages
- less /var/log/daemon.log
- /var/log/docker.log
journalctl -u docker.service
less /var/log/messages
less /var/log/daemon.log
/var/log/docker.log
Enable the debugging mode. Select the right answer
- echo ‘{“debug”: true}’ > /etc/docker/daemon.json
- echo ‘{“debug”}’ > /etc/docker/daemon.json
- echo ‘{“debug”: true}’ > /var/lib/docker/daemon.json
- echo ‘{“debug”}’ > /var/lib/docker/daemon.json
echo ‘{“debug”: true}’ > /etc/docker/daemon.json
How to check if the docker service is running or not?
- docker status
- sudo systemctl status docker
- sudo systemctl docker status
- sudo service status docker
sudo systemctl status docker
Which environment variable will be used to connect a remote docker server?
- DOCKER_REMOTE
- DOCKER_HOST
- DOCKER_CONFIG
None of the above
DOCKER_HOST
What may be the cause of this error: “unable to configure the Docker daemon with file /etc/docker/daemon.json: the following directives are specified both as a flag and in the configuration file: tls: (from flag: true, from file: false)”?
The tls flag is set to true in daemon.json file and false in the command line
The tls flag is set to false in daemon.json file and true in the command line
The tls flag is not set on the command line
The tls flag is not set in the daemon.json file
The tls flag is set to false in daemon.json file and true in the command line
What is the default logging driver?
json-file
syslog
journald
splunk
json-file
Where is the log of the webapp container with id 78373635 on the Docker Host?
/var/lib/docker/containers/78373635/78373635.json
/var/log/docker/78373635.json
/etc/docker/78373635.json
/var/lib/docker/tmp/78373635/78373635.json
/var/lib/docker/containers/78373635/78373635.json
Which command is used to check the default logging driver?
docker system df
docker system events
docker system prune
docker system info
docker system info
How to change the default logging driver to syslog?
echo ‘{“log-driver”: “syslog”}’ > /etc/docker/daemon.json
echo ‘{“syslog”: “log-driver”}’ > /etc/docker/daemon.json
echo ‘{“log-driver”: “syslog”}’ > /var/lib/docker/daemon.json
echo ‘{“syslog”: “log-driver”}’ > /var/lib/docker/daemon.json
echo ‘{“log-driver”: “syslog”}’ > /etc/docker/daemon.json
Run a webapp container, and make sure that no logs are configured for this container.
docker run -it –log-driver none webapp
docker run -it –logging-driver none webapp
docker run -it webapp
docker run -it –log none webapp
docker run -it –log-driver none webapp
Which of the below commands create a container with redis image and name redis?
docker container create redis –name redis
docker container –name redis redis
docker container run redis
docker container create –name redis redis
docker container create –name redis redis
We have deployed some containers. What command is used to get the container with the highest memory?
docker container stats
docker container status
docker container top
docker container ls
docker container stats
Run a container called apps with image nginx, and in an interactive mode.
docker container run -it nginx
docker container run -it nginx –name apps
docker container run nginx
docker container run -it –name apps nginx
docker container run -it –name apps nginx
You can run multiple instances of the same application on the docker host.
True
False
True
Which of the below commands create a container with redis image and name redis?
docker container create redis –name redis
docker container –name redis redis
docker container run redis
docker container create –name redis redis
docker container create –name redis redis
Which command should be used to update the restart policy of the httpd container with always?
docker container update –restart always httpd
docker container unpause –restart always httpd
docker container upgrade –restart always httpd
None of the above
docker container update –restart always httpd
You can map multiple containers to the same port on the Docker host.
True
False
False
Which command is used to check the default logging driver?
docker system df
docker system events
docker system prune
docker system info
docker system info
What is the command to copy the file /root/myconfig.txt from the host to /root/ of the data container?
docker container copy /root/myconfig.txt data:/root/
docker container cp /root/myconfig.txt data:/root/
docker container copy data:/root/ /root/myconfig.txt
docker container cp data:/root/ /root/myconfig.txt
docker container cp /root/myconfig.txt data:/root/
Which command is used to update all running containers with the <code>unless-stopped</code> restart policy?
docker container upgrade –restart unless-stopped $(docker container ls -q)
docker container update –restart unless-stopped $(docker container ls -q)
docker container upgrade –restart unless-stopped $(docker container ls -aq)
docker container update –restart unless-stopped $(docker container ls -aq)
docker container update –restart unless-stopped $(docker container ls -aq)
What is the purpose of a private registry?
tightly control where your images are being stored
fully own your images distribution pipeline
integrate image storage and distribution tightly into your in-house development workflow
All of the above
All of the above
What is the default public registry for docker?
Docker Hub
Amazon Container Registry
Google Container Registry
Docker Trusted Registry
Docker Hub
What is the default tag if not specified when building an image with the name webapp?
none
default
latest
v1
latest
Run ubuntu container with the trusty tag.
docker run ubuntu
docker run ubuntu:latest
docker run ubuntu:trusty
docker run ubuntu -t trusty
docker run ubuntu:trusty
Select the right answer. Which command is used to list the local images?
docker image ls
docker images ls
docker container image ls
docker container images ls
docker image ls
List the full length image IDs. (Please explore documentation)
docker image ls –digests
docker images –digests
docker images –no-trunc
None of the above
docker images –no-trunc
Display images with a name containing postgres, at least 12 stars.
docker find –filter=stars=12 postgres
docker search –filter=stars=12 postgres
docker find –limit=12 postgres
docker search –limit=12 postgres
docker search –filter=stars=12 postgres
Download nginx image from the Google Container Registry hub registry.
docker image pull nginx
docker image build nginx
docker image load nginx
docker pull gcr.io/kodekloud/nginx
docker pull gcr.io/kodekloud/nginx
Display images with a name containing busybox, at least 3 stars and are official builds.
docker find –filter is-official=true –filter stars=3 busybox
docker search –filter is-official=true –filter stars=3 busybox
docker find –filter is-official=true –limit=3 busybox
docker search –filter is-official=true –limit=3 busybox
docker search –filter is-official=true –filter stars=3 busybox
What is the command to change the tag of “httpd:latest” to “httpd:v1” ?
docker container image retag httpd:latest httpd:v1
docker container image tag httpd:latest httpd:v1
docker image retag httpd:latest httpd:v1
docker image tag httpd:latest httpd:v1
docker image tag httpd:latest httpd:v1
You have an nginx:v1 image with size 100M. You’ve now created your own version of the image – nginx:v2 by retagging the first image, what is the total size of both?
50M
100M
150M
200M
100M
Which command should be used to get the total size consumed by all images on a host?
docker image list
docker image df
docker system df
docker system list
docker system df
In the output of the “docker system df” command what does the ACTIVE field indicate on the images row?
Number of Images currently available on the system
Number of Images built on the system
Number of Images with containers
Number of containers running on the system
Number of Images with containers
What command might have generated the above output?
docker container ps
docker ps
docker image ps
docker image list
docker image list
Inspect the following output and answer the following questions:
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest c39a868aad02 4 days ago 150MB
redis latest 4760dc956b2d 2 years ago 100MB
ubuntu trusty f975c5035748 2 years ago 100MB
webapp latest c39a868aad02 4 days ago 150MB
alpine latest 3fd9065eaf02 2 years ago 5MB
What is the total space consumed by images on this system?
355 MB
505 MB
405 MB
455 MB
355 MB
When you run the docker image inspect ubuntu command it gives the error “No such image”. Why is that?
Must run the command docker inspect ubuntu/ubuntu
Image Ubuntu does not have the latest tag
Must authenticate to docker hub first before running this command
Must run the command docker image history ubuntu
Image Ubuntu does not have the latest tag
What is the user/account and image/repository name for the image company/nginx?
image=company, user=nginx
image=company, user=company
image=nginx, user=nginx
image=nginx, user=company
image=nginx, user=company
Choose the right command to pull ubuntu image from a private registry at gcr.io
docker pull ubuntu
docker pull kk/ubuntu
docker pull gcr.io/kk/ubuntu
All of the above
docker pull gcr.io/kk/ubuntu
Which command is used to authenticate with azr.com registry which listens on port 5000?
docker auth azr.com:5000
docker login azr.com:5000
docker login azr.com:5000
You are required to store a copy of the official alpine image in your company’s internal docker registry. What would be your approach?
Create a Dockerfile similar to the official image and build an image
Pull the official image, tag it with the address of the internal docker registry and push to the internal docker registry
Pull the official image, tag it with the address of the internal docker registry and push to the internal docker registry
When you log in to a registry, the command stores credentials in … (Please explore the documentation pages for this)
$HOME/.docker/config.json
/etc/docker/.docker/config.json
/var/lib/docker/.docker/config.json
/var/lib/docker/containers/.docker/config.json
$HOME/.docker/config.json
While trying to delete image postgres, you got an error “conflict: unable to remove repository reference “postgres” (must force) – container 1a56b95e073c is using its referenced image adf2b126dda8″. What may be the cause of this error?
A container is using this image
Must use force option to delete an image
Another image is using layers from this image
The image was built locally on this host
A container is using this image
Which command is used to remove webapp:v1 image locally?
docker image rm webapp
docker image rm webapp:v1
docker image remove webapp:v1
docker image del webapp:v1
docker image rm webapp:v1
Remove all unused images on the Docker host
docker image prune -a
docker image rm -a
docker image delete -a
None of the above
docker image prune -a
Display all layers of httpd image along with the size on each layer.
docker image layers httpd
docker image history httpd
docker image inspect httpd
docker images history httpd
docker image history httpd
Which command can be used to get the ExposedPorts of a webapp image?
docker container ls
docker image inspect webapp
docker container inspect webapp
docker image ls
docker image inspect webapp
How to get the Os field alone of the httpd image?
docker image inspect httpd -f ‘{{.Os}}’
docker image ls | grep Os
docker image history | grep Os
docker image inspect httpd -f ‘{{.OperatingSystem}}’
docker image inspect httpd -f ‘{{.Os}}’
Which subcommand will be used to get more info about images?
inspect
load
import
ls
inspect
Print the value of ‘Architecture’ and ‘Os’ for a ‘webapp’ image.
docker image inspect webapp -f ‘{{.Os}}’ -f ‘{{.Architecture}}’
docker image inspect webapp -f ‘{{.Os}} {{.Architecture}}’
docker image inspect webapp -f ‘{{.Os}}’, -f ‘{{.Architecture}}’
docker image inspect webapp -f ‘{{.Os .Architecture}}’
docker image inspect webapp -f ‘{{.Os}} {{.Architecture}}’
Which command can be used to get a backup of image webapp?
docker image backup webapp -o webapp.tar
docker image save webapp -o webapp.tar
docker container save webapp -o webapp.tar
docker container backup webapp -o webapp.tar
docker image save webapp -o webapp.tar
A tarfile – nginx.tar – has been created using the docker image save command. Which command can be used to extract it into your docker host.
docker image import -i nginx.tar
docker image restore -i nginx.tar
docker container restore -i nginx.tar
docker image load -i nginx.tar
docker image load -i nginx.tar
A government facility runs a secure data center with no internet connectivity. A new application requires access to docker images hosted on docker hub. What is the best approach to solve this?
Get the Dockerfile of the image and build a local version from within the restricted environment.
Establish a secure link between the host in the restricted environment and docker hub
Pull docker images from a host with access to docker hub, convert to a tarball using docker image save command, and copy to the restricted environment and extract the tarball
Pull docker images from a host with access to docker hub, then push to a registry hosted within the restricted environment.
Pull docker images from a host with access to docker hub, convert to a tarball using docker image save command, and copy to the restricted environment and extract the tarball
You have created a nginx container and customized it to create your own webpage. How can you create an image out of it to share with others?
docker image save
docker image export
docker export
You can only create an image using a Dockerfile
docker export
How do you restore an image created from the docker export command?
docker container import
docker image import
docker image load
docker image restore
docker image import
The “export” command works with Docker images.
True
False
False
Export webapp container’s filesystem as a tar archive. Select the right answer
docker export webapp mywebapp.tar
docker image export –output=”mywebapp.tar” webapp
docker image save -i mywebapp.tar
docker container export webapp > mywebapp.tar
docker container export webapp > mywebapp.tar
Which of the following commands is used to list the docker images on the Docker Host?
docker images
docker image ls
docker image get
docker ls image
docker image
Which of the following commands used to match all images with the com.example.version label?
docker images –label=”com.example.version”
docker images –filter “com.example.version”
docker images –filter “label=com.example.version”
docker images –format “label=com.example.version”
docker images –filter “label=com.example.version”
Which of the following is not an instruction supported in the Dockerfile? Select the all right answers.
EXPOSE
ADD
WORKDIR
EXEC
EXEC
The … is a text document that contains all the commands a user could call on the command line to assemble an image.
Dockerfile
Docker Compose
.dockerignore
build context
Dockerfile
Which method can be used to build an image using existing containers?
docker commit
docker export
docker save
docker load
docker export
The container being committed and its processes will be paused while the image is committed.
True
False
True
We have a running container named webapp with the nginx image. We added a custom html file to this container. How do we create an image named mynginx from this container?
docker container commit webapp mynginx
docker container commit mynginx webapp
docker container update webapp mynginx
None of the above
docker container commit webapp mynginx
The docker container commit is the recommended approach for building a custom image.
True
False
False
You are required to create an image from an existing image. What is the recommended approach?
Use docker image export and docker image import command
Use docker container export and docker container import command
Use docker image save and docker image load command
Use docker container commit command
Use docker image save and docker image load command
You are required to create an image from an existing container. What is the recommended approach?
Use docker image export and docker image import command
Use docker container export and docker container import command
Use docker container commit command
Use docker container export and docker image import command
Use docker container export and docker image import command
FROM python:3.6 RUN pip install flask COPY . /opt/ EXPOSE 8080 WORKDIR /opt ENTRYPOINT ["python", "app.py"]
What is the parent image from which this application is created?
ubuntu:latest
python
centos:7
python:3.6
python:3.6
FROM python:3.6 RUN pip install flask COPY . /opt/ EXPOSE 8080 WORKDIR /opt ENTRYPOINT ["python", "app.py"]
To what location within the container is the application code copied to?
/opt
/app
/root
/var
/opt
FROM python:3.6 RUN pip install flask COPY . /opt/ EXPOSE 8080 WORKDIR /opt ENTRYPOINT ["python", "app.py"]
When a container is created using the image built with the following Dockerfile, what is the command used to RUN the application inside it.
pip install flask
docker run app.py
app.py
python app.py
python app.py
FROM python:3.6 RUN pip install flask COPY . /opt/ EXPOSE 8080 WORKDIR /opt ENTRYPOINT ["python", "app.py"]
What is the port of the web application configured for the service to listen within the container?
8080
5000
80
0.0.0.0
What is the port of the web application configured for the service to listen within the container?
8080
5000
80
0.0.0.0
Whenever a build is initiated by running the Docker build command, the files under the build context are transferred to the Docker daemon, at a temporary directory under the docker’s filesystem. Which directory are these files stored in?
/var/lib/docker/tmp
/var/lib/docker/image
/var/lib/docker/volumes
/var/lib/docker/plugins
/var/lib/docker/tmp
Which of the below commands may be used to build an image with the Dockerfile filename?
docker build .
docker build -f Dockerfile .
docker build -t Dockerfile2 .
docker build -t .
docker build .
docker build -f Dockerfile .
While building a docker image from code stored in a remote URL, which command will be used to build from a directory called docker in the branch dev?
docker build https://github.com/kk/dca.git#dev:docker
docker build https://github.com/kk/dca.git#docker:dev
docker build https://github.com/kk/dca.git:dev
docker build https://github.com/kk/dca.gitdev:#docker
docker build https://github.com/kk/dca.git#dev:docker
A build’s context is the set of files located in the specified PATH or URL, Which kind of resources can the URL parameter refer to ?
Git repositories
pre-packaged tarball contexts
Path to a local directory
Git repositories
Path to a local directory
Choose the correct flag to apply a tag to an image done.
- i
- p
- f
- t
-t
If you do not specify a tag name, you can’t build the image.
True
False
False
Build an image using a context build under path /tmp/docker and name it webapp.
docker build /tmp/docker
docker build /tmp/docker -t webapp
docker build webapp -t /tmp/docker
docker pull -it /tmp/docker bash
docker build /tmp/docker -t webapp
What is the default tag if not specified when building an image with the name webapp?
none
default
latest
v1
latest
What is the command to build an image using a Dockerfile.dev file under path /opt/myapp with the name webapp. The current directory you are in is /tmp.
docker build Dockerfile.dev -t webapp /opt/myapp
docker build -f /opt/myapp/Dockerfile.dev /opt/myapp -t webapp
docker build -f Dockerfile.dev /opt/myapp -t webapp
docker build -t Dockerfile.dev -name webapp -f /opt/myapp
docker build -f /opt/myapp/Dockerfile.dev /opt/myapp -t webapp
What is the file used to exclude temporary files such as log files or builds from the context during a build?
.git
.gitignore
.dockerignore
None of the above
.dockerignore
If the build fails at a particular stage, it repurposes the previous layers from the cache and does not really rebuild them.
True
False
True
What is a recommended approach for installing packages and libraries while building an image?
Download packages on the host and use ADD instructions to add them to the image.
Use the ADD instruction to provide a URL to the package on the remote host.
Use the RUN instruction and have the apt-get update and apt-get install commands on the same instruction.
Use the RUN instruction and have the apt-get update and apt-get install commands as separate instructions.
Use the RUN instruction and have the apt-get update and apt-get install commands on the same instruction.
Using RUN apt-get update && apt-get install -y ensures your Dockerfile installs the latest package versions with no further coding or manual intervention. This technique is known as …..
Docker-stack
Cache busting
Version pinning
Build-context
Cache busting
What is a best practice while installing multiple packages as part of the install instruction?
Add them on the same line
Add them on separate lines separated by a slash in alphanumeric order
Add a separate instruction for each package
Add them on separate lines separated by a slash
Add them on separate lines separated by a slash in alphanumeric order
Which among the following scenarios will lead to docker invalidating cache on a given layer?
Change in instruction
Change in a file used with the ADD instruction
Addition of a new instruction at the end of the file
Release of a new version of a package installed with the RUN instruction
Change in instruction
Change in a file used with the ADD instruction
…… forces the build to install a particular version of package regardless of what’s in the cache. This technique can also reduce failures due to unanticipated changes in required packages.
Docker-stack
Cache busting
Version pinning
Build-context
version pinning
What is a recommended approach to reduce build time while building docker images?
Instructions likely to change more often must be at the top of the Dockerfile
Instructions likely to change more often must be at the bottom of the Dockerfile
Instructions likely to change more often must be in the middle of the Dockerfile
The order of the instructions within the Dockerfile doesn’t matter.
Instructions likely to change more often must be at the bottom of the Dockerfile
What is a recommended approach to reduce build time while building docker images?
Instructions likely to change more often must be at the top of the Dockerfile
Instructions likely to change more often must be at the bottom of the Dockerfile
Instructions likely to change more often must be in the middle of the Dockerfile
The order of the instructions within the Dockerfile doesn’t matter.
Instructions likely to change more often must be at the bottom of the Dockerfile
A Dockerfile is built from the Ubuntu image as the base image. What would happen to the cache when a new version of the Ubuntu image is made available at Dockerhub?
Cache is invalidated and docker pulls the new image and recreates from scratch.
Cache is not invalidated and docker continues to use existing cache.
The cache is not invalidated and docker continues to use the existing cache.
Which option can be used to disable the cache while building a docker image? (Explore the docker documentation for this)
–no-cache=true
–force-rm=true
–cache-from true
None of the above
–no-cache=true
COPY instruction only supports the basic copying of local files into the container.
True
False
True
What is the right instruction to download a file from “https://file.tar.xz” and copy to “/testdir” in the image?
ADD https://file.tar.xz /testdir
COPY https://file.tar.xz /testdir
RUN https://file.tar.xz /testdir
None of the above
ADD https://file.tar.xz /testdir
COPY instruction has some features like local-only tar extraction and remote URL support.
True
False
False
Which instruction(s) can be used in the Dockerfile to copy content from the local filesystem into the containers?
ADD
COPY
MOVE
RUN
ADD
COPY
Which of the following is the correct format for CMD instruction?
CMD [“executable”,”param1”,”param2”]
CMD [“param1”,”param2”]
CMD command param1 param2
CMD command,param1,param2
CMD [“executable”,”param1”,”param2”]
CMD command param1 param2
If CMD is used to provide default arguments for the ENTRYPOINT instruction, both the CMD and ENTRYPOINT instructions should be specified.
True
False
True
When a user runs the command docker run my-custom-image sleep 1000
docker overrides the ENTRYPOINT instruction with “sleep 1000”
docker overrides the CMD instruction with “sleep 1000”
docker override ENTRYPOINT instruction with “sleep” and CMD instruction with “1000”
docker overrides the CMD instruction with “sleep 1000”
Choose the correct instruction to add the echo “Hello World” command in the Dockerfile.
CMD [echo “Hello World”]
CMD [“echo”, “Hello World”]
CMD [“Hello World”]
None of the above
CMD [“echo”, “Hello World”]
What is the output of the following Dockerfile snippet when container runs as docker run -it < image> ?
ENTRYPOINT [“/bin/echo”, “Hello”]
CMD [“world”]
Hello world
Hello
world
world Hello
Hello world
What is the output of the following Dockerfile snippet when container runs as docker run -it kk ?
ENTRYPOINT [“/bin/echo”, “Hello”]
CMD [“World”]
Hello kk
Hello
World kk
kk Hello
Hello kk
f you list more than one CMD instruction in the Dockerfile then only the last CMD will take effect.
True
False
True
A parent image is an image that your image is based on. It refers to the contents of the FROM directive in the Dockerfile.
True
False
True
A parent image has FROM scratch in its Dockerfile.
True
False
False
While building an image, You have one base image, but there could be multiple parent images.
True
False
True
How do you identify if a Docker file is configured to use multi-stage builds?
The Dockerfile has the tag multi-stage at the top
The Dockerfile has multiple FROM instructions
The Dockerfile has multiple RUN instructions
The Dockerfile is built from the scratch image
The Dockerfile has multiple FROM instructions
The “–from=0” in the following Dockerfile instruction line refers to:
“COPY –from=0 /go/src/github.com/alexellis/href-counter/app .”
The base image specified in the FROM instruction of the first set of instructions.
The base image specified in the FROM instruction of the second set of instructions.
The image built using the first set of instructions in the Dockerfile.
The image built using the last set of instructions in the Dockerfile
The image built using the first set of instructions in the Dockerfile.
By default, the stages are not named, and you refer to them by their integer number, starting with 1 for the first FROM instruction in the multi-stage build.
True
False
False
Name the stage which uses nginx as a base image to builder in the Dockerfile.
FROM nginx
FROM nginx AS builder
The last image build
FROM node AS builder
FROM nginx AS builder
What is the instruction used to copy a file from an external image named redis not part of any stage in the multi-stage build process. (Refer to the documentation for this one)
–from=redis
–from=0
–copy-from=redis
–copy-from=0
–from=redis
You are developing an e-commerce application. The application must store cart details of users temporarily as long as the user’s session is active. What is the recommended approach to storing the cart details with the application deployed as a docker container?
Store the cart details in the /tmp directory of the container
Store the cart details in the memory of the container
Store the cart details in a volume backed by a in-memory cache service like redis
Store the cart details in a volume backed by a in-memory cache service like redis
It’s recommended to avoid sending unwanted files to the build context by using .gitignore file to exclude those files.
True
False
False
An application you are developing requires an httpd server as frontend, a python application as the backend API server, a MongoDB database and a worker developed in Python. What is the recommended approach in building images for these containers?
Build httpd, python API server, MongoDB database, and Python worker into a single image to allow ease of deployment
Build httpd into an image, MongoDB database to another, and Python API and worker together into a single image
Build separate images for each component of the application
Build separate images for each component of the application
Which of the below can help minimize the image size?
Only install necessary packages within the image
Avoid sending unwanted files to the build context using .dockerignore
Combine multiple dependent instructions into a single one and clean up temporary files
Move the instructions that are likely to change most frequently to the bottom of the Dockerfile
Use multi-stage builds
- Only install necessary packages within the image
- Combine multiple dependent instructions into a single one and clean up temporary files
- Use multi-stage builds
Which is the recommended approach to install packages following the best practices in Dockerfile?
RUN apt-get update && apt-get install -y git httpd
RUN apt-get update && apt-get install -y \
git \
httpd
RUN apt-get update \
RUN apt-get install -y git \
RUN apt-get install -y httpd
RUN apt-get update && apt-get install -y \
git \
httpd
Which of the below steps can help minimize the build time of images?
Only install necessary packages within the image
Avoid sending unwanted files to the build context using .dockerignore
Combine multiple dependent instructions into a single one and clean up temporary files
Move the instructions that are likely to change most frequently to the bottom of the Dockerfile
Use multi-stage builds
- Avoid sending unwanted files to the build context using .dockerignore
- Move the instructions that are likely to change most frequently to the bottom of the Dockerfile
Which of the following tag image will get when creating a redis container with image redis?
docker run -itd –name redis redis
none
default
v1
latest
latest
Which of the below statements are true:
By default a container runs with 1 vCPU and 500 MB of memory
By default a container runs with unlimited CPU and Memory resources
By default a container runs with 0.5 vCPU and 500 MB of memory
By default a container runs with unlimited vCPU and 500 MB of memory
By default a container runs with unlimited CPU and Memory resources
What will happen if the –memory-swap is set to -1?
the container does not have access to swap.
the setting is ignored, and the value is treated as unset.
the container is allowed to use unlimited swap.
None of the above
the container is allowed to use unlimited swap.
Each container gets a CPU share of …. assigned by default.
256
512
1024
2048
1024
What is a linux feature that prevents a process within the container to access raw sockets?
Control Groups (CGroups)
Namespaces
Kernel Capabilities
Network Namespaces
Kernel Capabilities
By default, all containers get the same share of CPU cycles. How to modify the shares?
docker container run –cpu-shares=512 nginx
docker container run –cpuset-cups=512 nginx
docker container run –cpu-quota=512 nginx
docker container run –cpus=512 nginx
docker container run –cpu-shares=512 nginx
Which command is used to list the default available networks? docker network --filter docker network get docker network ls None of the above
docker network ls
Which command is used to see the network settings and IP address assigned to a container with id c164825bb3d3 that uses the myapp image?
docker inspect myapp
docker container ls myapp
docker container ls c164825bb3d3
docker inspect c164825bb3d3
docker inspect c164825bb3d3
What is the default network driver used on a container if you haven’t specified one?
host
bridge
overlay
Macvlan
bridge
Overlay networks connect multiple Docker daemons together and enable swarm services to communicate with each other.
True
False
True
If you use the …… network mode for a container, that container’s network stack is not isolated from the Docker host (the container shares the host’s networking namespace), and the container does not get its own IP-address allocated.
host
bridge
overlay
Macvlan
host
How to get the subnet, gateway of the network c0a0b59a3807?
docker info c0a0b59a3807
docker container inspect c0a0b59a3807
docker network inspect c0a0b59a3807
docker inspect c0a0b59a3807
docker network inspect c0a0b59a3807
Which of the following commands would create a user-defined bridge network called my-net?
docker network create my-net
docker create network my-net
docker network create -d bridge my-net
docker network create –type bridge my-net
docker network create –driver bridge my-net
docker network create my-net
docker network create –driver bridge my-net
What is the command to connect a running container with name myapp to the existing bridge network my-net?
docker container connect myapp my-net
docker container attach myapp my-net
docker network connect my-net myapp
docker network connect myapp my-net
docker network connect my-net myapp
What is the command to remove all unused networks?
docker network create my-net
docker network rm my-net
docker network prune
docker network rm –all
docker network prune
What is the command to remove the my-net network?
docker network create my-net
docker network rm my-net
docker network connect my-net
None of the above
docker network rm my-net
Which of the following commands would create a user-defined bridge network called dev-net?
docker network create dev-net
docker create network dev-net
docker network create -d bridge dev-net
docker network create –type bridge dev-net
docker network create –driver bridge dev-net
docker network create dev-net
docker network create -d bridge dev-net
docker network create –driver bridge dev-net
What is the command to connect a running container with name myapp to the existing bridge network dev-net?
docker container connect myapp dev-net
docker container attach myapp dev-net
docker network connect dev-net myapp
docker network connect myapp dev-net
docker network connect dev-net myapp
What is the command to remove all unused networks from the Docker host?
docker network create cisco-net
docker network rm web-net
docker network prune
docker network rm –all
docker network prune
What is the command to delete the network named connector?
docker network prune connector
docker network rm connector
docker network delete connector
None of the above
docker network rm connector
What is the command to list all available networks?
docker network ls
docker network show
docker network display
docker get network
docker network ls
Which command is used to see the IP address and other network settings assigned to a container with id 33373b1ccc3f that uses the wordpress image?
docker inspect wordpress
docker container ls wordpress
docker container ls 33373b1ccc3f
docker inspect 33373b1ccc3f
docker inspect 33373b1ccc3f
What is the default network driver used on a container if you haven’t specified one?
host
bridge
overlay
All of the above
What is the default network driver used on a container if you haven’t specified one?
host
bridge
overlay
All of the above
If you use the … network mode for a container, that container’s network stack is not isolated from the Docker host (the container shares the host’s networking namespace), and the container does not get its own IP-address allocated.
bridge
overlay
host
none
host
Which command is used to disconnect the my-net network from the redis container?
docker network rm redis my-net
docker network disconnect redis my-net
docker network disconnect my-net redis
docker network disconnect redis
docker network disconnect my-net redis
Which command is used to see the details of the subnet and gateway of network id ce982a9edf65?
docker info ce982a9edf65
docker container inspect ce982a9edf65
docker show ce982a9edf65
docker network inspect ce982a9edf65
docker network inspect ce982a9edf65
By default, all files created inside a container are stored on a writable container layer.
True
False
True
Volumes are the preferred mechanism for persisting data generated by and used by Docker containers.
True
False
True
What is the command to remove unused volumes?
docker container rm my-vol
docker volume rm my-vol
docker volume prune
docker volume rm –all
docker volume prune
What is the command to create a volume with the name my-vol?
docker volume create my-vol
docker create volume my-vol
docker volume prune
docker volume rm all
docker volume create my-vol
What is the command to list volumes?
docker volume ls
docker volume prune
docker volume get
None of the above
docker volume ls
What is the command to get details of the volume my-vol such as the driver, mountpoint, volumename, ..etc?
docker volume inspect my-vol
docker volume fetch my-vol
docker volume get my-vol
docker volume ls my-vol
docker volume inspect my-vol
Which command is used to remove the my-vol volume?
docker volume del my-vol
docker volume remove my-vol
docker volume prune my-vol
docker volume rm my-vol
docker volume remove my-vol
docker volume rm my-vol
The volumes are mounted as “readonly” by default inside the container if no options are specified.
True
False
False
You can remove a vol1 which is in use by a container using the command docker volume rm –force vol1.
True
False
False
Which option is used to mount a volume?
-v
– -volume
– -mount
–volume-mount
- v
- -mount
- -volume
Which among the below is a correct command to start a webapp container with the volume vol2, mounted to the destination directory /app?
docker run -d –name webapp –mount source=vol2,target=/app httpd
docker run -d –name webapp -v vol2:/app httpd
docker run -d –name webapp –volume vol2:/app httpd
docker run -d –name webapp –mount source=vol2,target=/app httpd
docker run -d –name webapp -v vol2:/app httpd
docker run -d –name webapp –volume vol2:/app httpd
Which among the below is a correct command to start a webapp container with the volume vol3, mounted to the destination directory /opt in readonly mode?
docker run -d –name webapp –mount source=vol3,target=/opt,readonly httpd
docker run -d –name webapp -v vol3:/opt:ro httpd
docker run -d –name webapp -v vol3:/opt:readonly httpd
docker run -d –name webapp –volume vol3:/opt:ro httpd
docker run -d –name webapp –mount source=vol3,target=/opt,ro httpd
docker run -d –name webapp –mount source=vol3,target=/opt,readonly httpd
docker run -d –name webapp -v vol3:/opt:ro httpd
docker run -d –name webapp –volume vol3:/opt:ro httpd
By default, all files inside an image are in a writable layer.
True
False
False
Using …… we can configure containers and communication between them in a declarative way.
Docker Compose
Dockerfile
Device Mapper
Build-context
Docker Compose
…….. is a YAML file that contains details about the services, networks, and volumes for setting up a Docker application.
Dockerfile
Docker Compose
.dockerignore
.env
Docker Compose
Which command can be used to create and start containers in foreground using the existing docker-compose.yml?
docker-compose up
docker-compose ps
docker-compose logs
docker-compose stop
docker-compose up
Which command can be used to create and start containers in the background or detached mode in composing the existing docker-compose.yml?
docker-compose up
docker-compose up –background
docker-compose up –detach
docker-compose up -d
docker-compose up –detach
docker-compose up -d
…… is the command to list the containers created by compose file.
docker-compose ls
docker-compose ps
docker-compose list
docker-compose ps
…… is the command to check the logs for the whole stack defined inside compose file.
docker-compose up
docker-compose ps
docker-compose logs
docker-compose up -d
docker-compose logs
Which command can be used to stop (only and not delete) the whole stack of containers created by compose file?
docker-compose down
docker-compose stop
docker-compose destroy
docker-compose halt
docker-compose stop
docker-compose stop command stops and removes the whole stack of containers created by compose file.
True
False
False
Select the right answer. Which command can be used to delete the application stack created using compose file?
docker-compose rm
docker-compose stop
docker-compose down
docker-compose destroy
docker-compose down
Compose files that doesn’t declare a version are considered “version 0”.
True
False
False
Compose files using the version 2 and version 3 syntax must indicate the version number at the root of the document.
True
False
True
With the docker-compose up command, we can run containers on multiple docker hosts.
True
False
False
version: "3.8"
services:
web:
build: .
depends_on:
- db
- redis
volumes:
- .:/code
- logvolume01:/var/log
ports:
- "8080:80"
redis:
image: redis
db:
image: postgres
volumes:
logvolume01: {}
What is the host port on which the web application will be exposed on?
80
8080
Version 1
foobar.com
8080
version: "3.8"
services:
web:
build: .
depends_on:
- db
- redis
volumes:
- .:/code
- logvolume01:/var/log
ports:
- "8080:80"
redis:
image: redis
db:
image: postgres
volumes:
logvolume01: {}
Which of the following statements are true?
All of the web, redis and db images will be built before deploying containers.
The redis image will be built and the web image will be pulled from Dockerhub if it doesn’t already exist on the host.
The web image will be built and the redis image will be pulled from Dockerhub if it doesn’t already exist on the host.
All images will be pulled from Dockerhub.
The web image will be built and the redis image will be pulled from Dockerhub if it doesn’t already exist on the host.
version: "3.8"
services:
web:
build: .
depends_on:
- db
- redis
volumes:
- .:/code
- logvolume01:/var/log
ports:
- "8080:80"
redis:
image: redis
db:
image: postgres
volumes:
logvolume01: {}
How can the web application address redis?
Using the container ID generated by redis
Using the name redis
Using the internal IP address of the redis container
By exposing port 6379 of redis container on the host and then using hosts IP
using the name redis
version: "3.8"
services:
web:
build: .
depends_on:
- db
- redis
volumes:
- .:/code
- logvolume01:/var/log
ports:
- "8080:80"
redis:
image: redis
db:
image: postgres
volumes:
logvolume01: {}
What kind of volume mount is configured on the web application for the /code directory inside the container?
Volume Mount
Bind Mount
Bind Mount
version: "3.8"
services:
web:
build: .
depends_on:
- db
- redis
volumes:
- .:/code
- logvolume01:/var/log
ports:
- "8080:80"
redis:
image: redis
db:
image: postgres
volumes:
logvolume01: {}
What kind of volume mount is configured on the web application for the /var/log directory inside the container?
Volume mount
Bind mount
Volume mount
version: "3.8"
services:
web:
build: .
depends_on:
- db
- redis
volumes:
- .:/code
- logvolume01:/var/log
ports:
- "8080:80"
redis:
image: redis
db:
image: postgres
volumes:
logvolume01: {}
Which is the correct statement referring to the following Compose file?
The depends_on configuration is not supported in Compose version 3
db and redis services will be started before web service
web service will be started before db and redis services
None of the above
db and redis services will be started before web service
What is the command to see the running process inside of containers created by compose file?
docker-compose top
docker-compose stats
docker top
docker stats
docker-compose top
What technologies can be used to group multiple machines together into a single cluster to run applications in the form of containers?
Swarm
Kubernetes
Mesos
Openshift
Swarm
Kubernetes
Mesos
Openshift
What are the advantages of container orchestration?
High availability
Auto Scaling
Self-healing
Declarative
High availability
Auto Scaling
Self-healing
Declarative
Swarm nodes can be physical or virtual, on the cloud or on-prem that have Docker engine installed on it.
True
False
True
A swarm cluster consists of at least one manager node and one or more worker nodes.
True
False
True
The manager in the swarm cluster receives instructions or tasks from the worker node and runs containers.
True
False
False
Manager nodes are dedicated to management tasks only and cannot run workloads.
True
False
False
Who is responsible for maintaining the desired state of the swarm cluster and taking necessary actions if a node was to fail or a new node was added to the cluster?
manager node
worker node
slave node
worker, slave nodes
manager node
You can promote a worker node to a manager node.
True
False
True
What feature of swarm closely relates to this use case – “If an instance of an application crashes, it is immediately replaced by a new one”?
Rolling updates
Self-healing
Scaling
Load Balancing
Self-healing
The communication between the nodes in the swarm cluster is not secured by default.
True
False
False
Is it possible to promote a worker node to manager in swarm?
Yes
No
Yes
The command docker node promote can be executed on any node “manager or worker”.
True
False
False
Promote worker1 to a manager node. Select the right answer.
docker promote node worker1
docker node promote worker1
docker swarm node promote worker1
docker swarm promote node worker1
docker node promote worker1
Change manager1 to a worker node. Select the right answer.
docker swarm node demote manager1
docker demote node manager1
docker node demote manager1
docker node demote manager1 worker
docker node demote manager1
If you have one manager in your swarm cluster, is it possible to demote it to a worker node?
True
False
False
What does the Reachable status of a node indicate in docker swarm?
The node is a worker node and is reachable
The node is a manager node and is reachable
The node is a manager node and is reachable and is not the leader
The node is a manager node and is the leader
The node is a manager node and is reachable and is not the leader
Which command is used to check the status of manager/worker nodes?
docker swarm ls
docker node ps
docker node ls
docker swarm show nodes
docker node ls
We want to perform maintenance tasks on node – worker1 – for performing patching and updates. Select the best way to achieve this.
docker node update –availability drain worker1
docker node update –availability active worker1
docker node rm worker1
None of the above
docker node update –availability drain worker1
When a worker node becomes active again after draining, the old containers will go back to this node.
True
False
False
We have a single manager 2 worker node swarm cluster. All three nodes are hosting workload. What is the sequence of activities to remove the manager node from the swarm cluster?
Drain the node, and run docker swarm leave.
Demote to a worker node, drain the node and run docker swarm leave.
Promote a worker node to master, demote manager to worker, drain the node and run docker swarm leave.
Add a new worker node, drain the manager node, and run docker swarm leave.
Promote a worker node to master, demote manager to worker, drain the node and run docker swarm leave.
It is recommended to have one manager in your cluster?
True
False
False
The manager node is responsible for maintaining the cluster state, distributing and ensuring the state of containers and services across all workers.
True
False
True
Which of the below statements are true when you have more than 1 manager nodes?
All decisions are made by all the managers at once.
All decisions are made by each manager turn by turn in a round-robin fashion.
All decisions are made by 1 manager who is the leader.
All decisions are made by 1 manager who is the leader.
…. is responsible for making sure that all the manager nodes that are in charge of managing and scheduling tasks in the cluster, are storing the same consistent state.
CFS
Scheduler
Raft consensus
Leader
Raft consensus
Out of a total of 3 masters if one node was to fail or was not responding at that moment and only two nodes were available,the decision to add the new worker can still be made with an agreement between the two available nodes.
True
False
True
…. is defined as the minimum number of managers required to be present for carrying out cluster management tasks.
Majority
Fault tolerance
Quorum
Single failure
Quorum
What is the maximum number of managers possible in a swarm cluster?
3
5
7
No limit
No Limit
Docker recommends 7
What is the maximum number of managers recommended by Docker in a swarm cluster?
3
5
7
No limit
7
Which formula can be used to calculate the Quorum of N nodes?
N + 1
N+1 / 2
N-1/2
N /2 -1
N-1/2
Which formula can be used to calculate the fault tolerance of N nodes?
N + 1
N+1 / 2
N / 2 +1
(N-1)/2
(N-1)/2
It is recommended to have an even number of master nodes.
True
False
False
Assume that you have 3 managers in your cluster, what will happen if 2 managers fail at the same time? Select the all-right answers.
The services hosted on the available worker nodes will continue to run.
The services hosted on the available worker nodes will stop running.
New services/workers can be created or added.
New services/workers can’t be created or added.
The services hosted on the available worker nodes will continue to run.
New services/workers can’t be created or added.
How many manager nodes must be online in a cluster with 13 manager nodes for the swarm cluster to continue to operate?
3
1
6
7
7
How many manager nodes must be online in a cluster with 7 manager nodes for the swarm cluster to continue to operate?
3
1
4
5
4
Among the below what is the recommended number of manager nodes as per best practices?
9
7
1
4
7
You have 3 data centers and 9 managers. How best should you distribute the managers between them to withstand site-wide disruptions?
3-3-3
9-0-0
4-4-1
4-3-2
3-3-3
You have 3 data centers and 11 managers. How best should you distribute the managers between them to withstand site-wide disruptions?
4-3-3
4-4-3
4-5-2
9-0-2
4-4-3
You have 3 data centers and 13 managers. How best should you distribute the managers between them to withstand site-wide disruptions?
5-5-3
6-6-1
7-5-1
7-3-3
5-5-3
You have 3 data centers and 7 managers. How best should you distribute the managers between them to withstand site-wide disruptions?
4-2-1
3-2-3
3-2-2
3-1-3
3-2-2
Which of the below statements are true?
By default, manager nodes host workloads. You must explicitly configure it not to.
By default, manager nodes do not host workloads. You must explicitly configure it to host workloads.
By default, manager nodes host workloads. You must explicitly configure it not to.
The RAFT logs are stored in memory on the manager nodes.
True
False
False
The RAFT logs are stored on disk and not protected.
True
False
False
The default behavior requires you to unlock the swarm when a new node joins the swarm cluster.
True
False
False
After restarting the docker service and trying to run docker service ls, you get an error “Error response from daemon: Swarm is encrypted and needs to be unlocked before it can be used. How can you solve this error?
docker swarm leave
docker swarm update
docker swarm lock
docker swarm unlock
docker swarm unlock
Which command can be used to return the current key which is used inside the cluster?
docker swarm lock-key
docker swarm lock –autolock=true
docker swarm unlock –autolock=true
docker swarm unlock-key
docker swarm unlock-key
Which command can be used to enable auto lock on an existing swarm?
docker swarm update –autolock=true
docker swarm lock –autolock=true
docker swarm set –autolock=true
docker swarm unlock-key
docker swarm update –autolock=true
…. are one or more instances of a single application that runs across the Swarm Cluster.
docker stack
services
pods
None of the above
services
Which command can be used to run an instance on swarm?
docker container run -d webapp
docker container create webapp
docker service create webapp
docker swarm service create webapp
docker service create webapp
What is the command to run 3 instances of httpd on a swarm cluster?
docker swarm service create –instances=3 httpd
docker swarm service create –replicas=3 httpd
docker service create –instances=3 httpd
docker service create –replicas=3 httpd
docker service create –replicas=3 httpd
What component is responsible for creating tasks in a swarm?
scheduler
dispatcher
orchestrator
allocator
orchestrator
What component is responsible for instructing a worker to run a task?
scheduler
dispatcher
orchestrator
allocater
scheduler
The …. assigns tasks to nodes in swarm.
scheduler
dispatcher
orchestrator
allocator
dispatcher
The …. is used to allocate IP addresses to tasks in swarm.
scheduler
dispatcher
orchestrator
allocator
allocator
Create a swarm service webapp with image httpd and expose port 8080 on host to port 80 in container.
docker container run –name=webapp -p 8080:80 httpd
docker service create –name=webapp -p 8080:80 httpd
docker service create –name=webapp -p 8800:80 –instances=3 httpd
docker service create –replicas=3 httpd
docker service create –name=webapp -p 8080:80 httpd
Which command can be used to list the running service inside the swarm?
docker service ps
docker service ls
docker container ps
docker container ls
docker service ls
Which command can be used to list the tasks that are running as part of a specified service?
docker service ps SERVICE-NAME
docker service ls
<code>docker container ps SERVICE-NAME</code>
<code>docker container ls</code>
docker service ps SERVICE-NAME
List more details about each service in a human-readable format.
docker service ps SERVICE-NAME –pretty
docker container ps SERVICE-NAME –pretty
docker service inspect SERVICE-NAME –pretty
None of the above
docker service inspect SERVICE-NAME –pretty
Which command can be used to get the logs of a swarm service?
docker container logs SERVICE-NAME
docker service logs SERVICE-NAME
docker swarm log SERVICE-NAME
docker swarm logs SERVICE-NAME
docker service logs SERVICE-NAME
Delete a webapp service from your cluster.
docker swarm leave webapp
docker service rm webapp
docker service rollback webapp
docker service del webapp
docker service rm webapp
How many replicas does a service created with the command – ‘docker service create webapp’ have?
0
1
2
3
1
Which command can be used to increase the number of replicas from 2 to 4 of webapp? Select the all right answer.
docker service update –replicas=4 webapp
docker service update –replicas=2 webapp
docker service scale webapp=2
docker service scale webapp=4
docker service update –replicas=4 webapp
The webapp:v1 had some bugs and we fixed them in webapp:v2. We want to apply webapp:v2 to webapp service. Select the right answer.
docker service update –image=webapp:v1 webapp
docker service update –image=webapp:v2 webapp
docker service update webapp webapp:v1
docker service update webapp webapp:v2
docker service update –image=webapp:v2 webapp
An image update operation in a swarm service happens all at once by default.
True
False
False
Which option of the docker service command can be used to update 4 replicas of mywebapp service at a time?
- -update-delay 4
- -update-parallelism 4
- -placement-pref-add 4
- -replicas 4
–update-parallelism 4
If at any time during an update a task returns FAILED, the default behaviour of the scheduler is to rollback the changes unless specified otherwise.
True
False
False
It is to pause
What option may be used to change the default behavior of a failed task during an update in a swarm?
- -update-failure-action
- -update-parallelism
- -update-delay
- -placement-pref-add
–update-failure-action
What are the actions which can be used with <code>–update-failure-action</code> ?
pause continue stop rollback rolling-update
pause
continue
rollback
After an update, we realized that something is wrong with the new version and we want to revert back to the old version. How can we achieve that?
docker service update rollback webapp
docker service rollback webapp
docker service rm webapp
docker service leave webapp
docker service rollback webapp
The default type of a service in docker swarm is global.
True
False
False
With a global service, you can specify a minimum number of replicas for the service.
True
False
False
A global service will always deploy exactly one instance of the application on all the nodes in the cluster.
True
False
True
With a global service if a node is removed from the cluster, then that instance is removed as well and is rescheduled on another available node.
True
False
False
Create a replicated service webapp with 2 replicas. Select the all-right answer.
docker service create –replicas=2 webapp
docker service create –mode=replicated –replicas=2 webapp
docker service create –mode=global –replicas=2 webapp
docker service create –replicas=2 web
docker service create –replicas=2 webapp
docker service create –mode=replicated –replicas=2 webapp
Deploy exactly one instance of the application on all the nodes in the cluster.
docker service create –replicas=1 webapp
docker service create –mode=replicated –replicas=1 webapp
docker service create –mode=global –replicas=1 webapp
docker service create –mode=global webapp
docker service create –mode=global webapp
How to get the service type of webapp service? Select the all-right answer.
docker container inspect webapp
docker service inspect webapp
docker container ls
docker service ls
docker service inspect webapp
docker service ls
You are required to deploy an agent of Splunk on all nodes in the swarm cluster to monitor the health of the nodes and gather logs. What is the best approach to achieve this?
Deploy the agent as a docker container on each node in the cluster. Use a cron job to set this up.
Deploy the agent as a global service in the swarm cluster.
Deploy the agent as a replicated service with the replica count equal to the number of worker nodes in the swarm cluster.
Deploy the agent as a global service in the swarm cluster.
By default, when we create a service, the tasks may be assigned to any of these nodes without any additional considerations as long as they have sufficient hardware resources.
True
False
True
If you specify multiple placement constraints, the service only deploys onto nodes where they are all met.
True
False
True
Which option can be used to control the workload placements with the help of labels and constraints?
replicated services
global services
placement constraints
resource restrictions
placement constraints
What is the command to deploy a service named webapp on a node which has a ‘type=cpu-optimized’ label.
docker service create –constraint=node.labels.type==cpu-optimized webapp
docker service create –labels type==cpu-optimized webapp
docker service create –container-label type==cpu-optimized webapp
None of the above
docker service create –constraint=node.labels.type==cpu-optimized webapp
What is the command to apply <code>’disk=ssd'</code> label to <code>worker1</code> in a swarm cluster.
docker node update –label-add disk=ssd worker1
docker node update –label-rm disk=ssd worker1
docker service update –labels disk=ssd worker1
docker service update –container-label disk=ssd worker1
docker node update –label-add disk=ssd worker1
Bridge is the default network a container gets attached to
True
False
True
If you use the host network mode for a container, that container’s network stack is not isolated from the Docker host as the container shares the host’s networking namespace.
True
False
True
The …. network disables all networking. Usually used in conjunction with a custom network driver.
host
bridge
overlay
none
none
The …. network connects multiple Docker daemons together and enables swarm services to communicate with each other.
host
overlay
bridge
none
overlay
When you initialize a Docker Swarm cluster it creates a new network of type overlay which is an internal private network that spans across all the nodes participating in the swarm cluster.
True
False
True
When you create a swarm service and do not connect it to a user-defined overlay network, it connects to the …. network by default.
host
bridge
macvlan
ingress
ingress
Which network will be created when you initialize a swarm or join a Docker host to an existing swarm?
host
bridge
macvlan
ingress
bridge
ingress
What is the command to create an overlay network driver called my-overlay?
docker network create my-overlay
docker create network my-overlay
docker network create -d overlay my-overlay
docker network create overlay my-overlay
docker network create -d overlay my-overlay
docker network inspect ingress
docker network -d rm ingress
docker network rm ingress
docker network create ingress
docker network rm ingress
Which command is used to list available networks in the swarm cluster?
docker network –filter
docker network get
docker network ls
None of the above
docker network ls
Create an overlay network driver called my-overlay with subnet 10.15.0.0/16 using a docker command.
docker network create my-overlay
docker network create –driver overlay –subnet 10.15.0.0/16 my-overlay
docker network create -d overlay -subnet 10.15.0.0/16
docker network create overlay my-overlay
docker network create –driver overlay –subnet 10.15.0.0/16 my-overlay
When you create an overlay network, only containers created as part of a swarm service can attach to it by default.
True
False
True
Create an overlay network that can also be connected by standalone containers that were not created as part of a swarm service.
docker network create –driver overlay –attachable my-overlay-network
docker network create –driver overlay –subnet 10.15.0.0/16 my-overlay-network
docker network create –driver overlay –opt encrypted my-overlay-network
docker network create –driver overlay my-overlay-network
docker network create –driver overlay –attachable my-overlay-network
By default, all swarm service management traffic is encrypted using …. algorithm.
TKIP
DES
AES
RSA
AES
Encrypt the application data and enable IPSEC encryption while creating the overlay network called my-overlay-network using a docker command.
docker network create –driver overlay –opt encrypted my-overlay-network
docker network create –driver overlay -o encrypted=true my-overlay-network
docker network create -d overlay –encrypted my-overlay
docker network create –driver overlay –opt encrypted my-overlay-network
docker network create –driver overlay -o encrypted=true my-overlay-network
Delete an overlay network driver called my-overlay using a docker command.
docker network rm my-overlay
docker create network -d my-overlay
docker rm network my-overlay
docker network rm -d my-overlay
docker network rm my-overlay
Remove all of the unused networks using a docker command.
docker network rm my-overlay-network
docker network prune
docker rm network my-overlay-network
docker network rm -all
docker network prune
Which port should be opened to allow the overlay and ingress network traffic?
2377
7946
4789
4946
4789
The …. port should be opened to allow communication among nodes/Container Network Discovery.
2377
7946
4789
4946
7946
Map UDP port 80 in the container to port 5000 on the overlay network using the my-web-server image.
docker service create -p 80:5000/udp my-web-server
docker service create –publish published=80,target=5000,protocol=udp my-web-server
docker service create -p 5000:80/udp my-web-server
docker service create –publish published=5000,target=80,protocol=udp my-web-server
docker service create -p 5000:80/udp my-web-server
docker service create –publish published=5000,target=80,protocol=udp my-web-server
You have a legacy application that monitors network traffic and expects to be directly connected to the physical network. What network driver would you recommend?
host
bridge
macvlan
ingress
macvlan
Which among the below networks are used to establish connectivity between containers on different hosts?
Bridge MACVlan None Overlay Host IPVlan
MACVlan
Overlay
IPVlan
Macvlan network driver assigns a MAC address to each container’s virtual network interface, making it appear to be a physical network interface directly connected to the physical network.
True
False
True
The routing mesh enables each node in the swarm to accept connections on published ports for any service running in the swarm, even if there’s no task running on the node.
True
False
True
Docker requires an external DNS server to be configured during installation to help the containers resolve each other using the container name.
True
False
False
The built-in DNS server in Docker always runs at IP address ….
- 0.0.11
- 0.0.1
- 17.0.3
- 17.0.1
127.0.0.11
Attach the application my-web-server to a service so that we can access it using its name with the existing overlay network driver my-overlay.
docker service create –name=my-service my-web-server
docker service create –name=my-web-server my-web-server
docker service create –name=my-web-server –network=my-overlay my-web-server
docker service create –publish published=5000,target=80,protocol=udp my-web-server
docker service create –name=my-web-server –network=my-overlay my-web-server
The services only under the same network will get resolved with their names so all of the micro-service components should be under the same network so that they can resolve each other.
True
False
True
Attach the application my-web-server to a service so that we can access it using its name with the existing overlay network driver my-overlay and the custom DNS 8.8.8.8
docker service create –name=my-service –dns=8.8.8.8 my-web-server
docker service create –name=my-web-server –dns=8.8.8.8 my-web-server
docker service create –name=my-web-server –dns=8.8.8.8 –network=my-overlay my-web-server
docker service create –name=my-web-server –network=my-overlay my-web-server
docker service create –name=my-web-server –dns=8.8.8.8 –network=my-overlay my-web-server
Service Discovery allows containers and services to locate and communicate with each other with their names.
True
False
True
The ….. is a packaged form of an application that has its own dependencies and runs in its own isolated environment.
stack
service
docker image
container
container
The ….. is one or multiple instances of the same type of container that runs on a single node or across multiple nodes in a swarm cluster.
stack
service
docker image
container
service
The ….. is a group of interrelated services that together form an entire application.
stack
service
docker image
container
stack
We must use version “2” and above of docker-compose file for stack configurations as Version “3” comes with support for a new property called deploy which is used by docker swarm for stack-related configurations.
True
False
False
To list stacks, run …
docker stack deploy
docker stack ls
docker stack services
docker stack ps
docker stack ls
To list the services created by a stack, run …
docker stack deploy
docker stack ls
docker stack services
docker stack ps
docker stack services
Which command can be used to list the tasks in a stack named <code>webapp</code>?
docker stack deploy webapp
docker stack ls webapp
docker stack services webapp
docker stack ps webapp
docker stack ps webapp
Which command can be used to remove a webapp stack?
docker stack deploy webapp
docker stack ls webapp
docker stack services webapp
docker stack rm webapp
docker stack rm webapp
You could restrict the resources assigned to a service using the …. property in the docker stack.
resources
replicas
constraints
restrict
resources
Which command can be used to deploy the STACKDEMO stack from a compose file? Select all the right answers.
docker stack deploy –compose-file docker-compose.yml STACKDEMO
cat docker-compose.yml | docker stack deploy –compose-file - STACKDEMO
docker stack services –compose-file docker-compose.yml STACKDEMO
docker stack ps –compose-file docker-compose.yml STACKDEMO
docker stack deploy –compose-file docker-compose.yml STACKDEMO
cat docker-compose.yml | docker stack deploy –compose-file - STACKDEMO
Refer to the below Docker stack file and answer the following questions:
version: 3
services:
redis:
image: "redis:alpine"
deploy:
replicas: 3
db:
image: postgres:9.4
deploy:
replicas: 1
placement:
constraints:
- "node.role==manager"
web:
image: webapp
deploy:
replicas: 5
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost"]
interval: 30s
timeout: 5s
retries: 5
start_period: 120s
How many containers would be created in total for all services together?
3
9
5
1
9
version: 3
services:
redis:
image: "redis:alpine"
deploy:
replicas: 3
db:
image: postgres:9.4
deploy:
replicas: 1
placement:
constraints:
- "node.role==manager"
web:
image: webapp
deploy:
replicas: 5
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost"]
interval: 30s
timeout: 5s
retries: 5
start_period: 120s
Which of the below statements are true?
The redis container will always be deployed on the manager node
The postgres container will only be deployed on the manager node
The web container may be deployed on any node – manager or worker
The redis container will not be deployed on the manager node
The postgres container will only be deployed on the manager node
The web container may be deployed on any node – manager or worker
Refer to the below Docker stack file and answer the following questions:
version: 3
services:
redis:
image: "redis:alpine"
deploy:
replicas: 3
db:
image: postgres:9.4
deploy:
replicas: 1
placement:
constraints:
- "node.role==manager"
web:
image: webapp
deploy:
replicas: 5
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost"]
interval: 30s
timeout: 5s
retries: 5
start_period: 120s
The health check on the web service is configured to run at an interval of every 30 seconds. What would happen if the webserver takes 45 seconds to boot up the first time?
The web server container will be killed and restarted after 30 seconds
The health checks only start after 2 minutes, so the webserver has sufficient time to boot up
The health checks runs every 5 seconds and will mark the container as failed after 5 attempts
The web service will go into an infinite loop
The health checks only start after 2 minutes, so the web server has sufficient time to boot up
version: 3
services:
redis:
image: "redis:alpine"
deploy:
replicas: 3
db:
image: postgres:9.4
deploy:
replicas: 1
placement:
constraints:
- "node.role==manager"
web:
image: webapp
deploy:
replicas: 5
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost"]
interval: 30s
timeout: 5s
retries: 5
start_period: 120s
What does the timeout value in the health check stand for?
The time after the container starts and before the first health check starts
The time between each health check trigger
The time the health check test – in this case, curl – waits to receive a successful response
The number of times a check is performed before marking the container failed
The time the health check test – in this case curl – waits to receive a successful response
version: 3
services:
redis:
image: "redis:alpine"
deploy:
replicas: 3
db:
image: postgres:9.4
deploy:
replicas: 1
placement:
constraints:
- "node.role==manager"
web:
image: webapp
deploy:
replicas: 5
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost"]
interval: 30s
timeout: 5s
retries: 5
start_period: 120s
What do the retries value in the health check configuration stand for?
The time after the container starts and before the first health check starts
The time between each health check trigger
The time the health check test – in this case, curl – waits to receive a successful response
The number of times a check is performed before marking the container failed
The number of times the container restarts after the health check fails
The number of times a check is performed before marking the container failed
You could restrict the resources assigned to a service using the … property in the docker stack.
resources
replicas
constrains
restrict
resources
Which command can be used to promote worker2 to a manager node? Select the right answer.
docker promote node worker2
docker node promote worker2
docker swarm node promote worker2
docker swarm promote node worker2
docker node promote worker2
The communication between the nodes in the swarm cluster are not secured by default.
True
False
False
“Secure by default: Each node in the swarm enforces TLS mutual authentication and encryption to secure communications between itself and all other nodes.”
Which command can be used to run an instance on swarm?
docker container run -d cloud
docker container create cloud
docker service create cloud
docker swarm service create cloud
docker service create cloud
The … network connects multiple Docker daemons together and enables swarm services to communicate with each other.
host
bridge
overlay
none
overlay
Create a swarm service redisapp with image redis and expose port 8080 on host to port 6379 in container.
docker container run –name=redisapp -p 8080:6379 redis
docker service create –name=redisapp -p 8080:6379 redis
docker service create –name=redisapp -p 8800:6379 –instances=3 redis
docker service create –replicas=3 redis
docker service create –name=redisapp -p 8080:6379 redis
When you create a swarm service and do not connect it to a user-defined overlay network, it connects to the … network by default.
host
bridge
macvlan
ingress
ingress
Map TCP port 80 in the container to port 9595 on the overlay network using the web-server image.
docker service create –publish published=9595,target=8080,protocol=tcp web-server
docker service create -p 80:9595/tcp web-server
docker service create –publish published=80,target=9595,protocol=udp web-server
docker service create -p 9595:80/tcp web-server
docker service create -p 9595:80/tcp web-server
Which formula can be used to calculate the Quorum of N nodes?
N + 1
N+1 / 2
N / 2 +1
N /2 -1
N / 2 +1
Create an overlay network that can also be connected by standalone containers that were not created as part of a swarm service.
docker network create –driver overlay –attachable aone-network
docker network create –driver overlay –subnet 10.15.0.0/16 aone-network
docker network create –driver overlay –opt encrypted aone-network
docker network create –driver overlay aone-network
docker network create –driver overlay –attachable aone-network
Which Docker edition would we choose for obtaining the latest Docker Engine updates?
Docker Community Edition (CE)
Docker Developer Edition (DE)
Docker Enterprise Edition (EE)
Either Docker CE or Docker EE
Either Docker CE or Docker EE
“Docker CE and EE both get all the latest engine updates.”
How would we go about backing up images in the Docker Trusted Registry (DTR)?
Run a docker pull on all of the images to transfer them to another host.
Execute a container using the dtr image with the backup-images command.
Create a backup of everything in the DTR image storage volume.
To back up images, back up the contents of the volume DTR used to store images.
Back up everything in /var/lib/docker/volumes.
Create a backup of everything in the DTR image storage volume.
“To back up images, back up the contents of the volume DTR used to store images.”
What procedure should we follow to upgrade the Docker engine on an Ubuntu server?
Stop Docker, then install the packages with the newer version.
Remove all containers, stop Docker, and then install the newer version.
Install newer versions of the docker-ce and docker-ce-cli packages.
Stop Docker, remove the packages, and then reinstall the packages with a newer version.
Install newer versions of the docker-ce and docker-ce-cli packages.
“We must install newer versions of the packages in order to upgrade Docker.”
Which of the following namespaces is not enabled by default?
uts
mnt
user
pid
user
“Docker requires special configuration in order to utilize user namespaces.”
Sara wants to run a container using the busybox image, and she wants to pass a custom command to the container: echo Docker is great!. Which of the following commands will accomplish this?
docker run busybox echo Docker is great!
docker run busybox -cmd echo Docker is great!
docker run busybox [“echo”, “Docker is great!”]
docker run busybox -c echo Docker is great!
docker run busybox echo Docker is great!
This command will successfully execute the echo command in the container and print the message to the screen.
Which of the following commands will run a busybox container and automatically delete it once it exits?
docker run –restart no busybox
docker run –rm –restart on-failure busybox
docker run –rm busybox
docker container rm busybox
docker run –rm busybox
The –rm flag instructs Docker to automatically delete the container once it exits.
How would we create a new swarm cluster?
Start dockerd with the swarm=true flag.
Run docker cluster create.
Use a Docker compose file that defines a new cluster.
Run docker swarm init.
Run docker swarm init.
This command creates a new cluster and generates the current node inside the first Swarm manager.
What is the difference between a manager and a worker in Docker swarm?
Managers control the cluster, while workers only execute workloads.
Managers never execute containers, workers do.
Managers handle networking, while workers handle containers.
Managers create new workers.
Managers control the cluster, while workers only execute workloads.
This describes the roles of managers and workers in a swarm.
What does the EXPOSE directive do?
It documents ports intended for publishing at the time of running a container.
It makes a container’s port accessible externally.
It causes the container to listen on a port.
It automatically publishes ports when running a container.
“It documents ports intended for publishing at the time of running a container.”
The EXPOSE directive documents the ports that should be published when running a container from the image.
Dave needs Docker to use a custom stop signal for halting his software. How can he build an image that will instruct Docker on which stop signal to use?
Dave should use the STOPSIGNAL directive.
Dave should locate the process and kill it manually.
Dave should use the STOP directive.
Dave should use the docker stop command.
Dave should use the STOPSIGNAL directive.
The STOPSIGNAL directive instructs Docker on which stop signal to use for halting a container process.
Which Dockerfile directive would set up the base image that can serve as our starting point for establishing a new image?
BASE
ARG
FROM
START
FROM
The FROM directive sets the base image.
Which of the following statements truly applies to the ENV directive?
It sets an environment variable on the host while the container is running.
It sets environment variables that are made available in subsequent build steps and to containers at the runtime.
It sets environment variables that are only visible at the container runtime.
It sets environment variables that are only visible during later build steps.
It sets environment variables that are made available in subsequent build steps and to containers at the runtime.
The ENV directive sets environment variables, and they’re visible during subsequent build steps and at the container runtime.
How can we use multi-stage builds to generate small, efficient Docker images?
We can leverage the implementation of multi-stage builds, which will shorten the build processing times.
We can copy only specific files from previous stages so that we can keep the image as small as possible.
We can use separate build stages to delete files from the image.
We can build the image, and then run diagnostics on it in a separate stage to make it more efficient.
We can copy only specific files from previous stages so that we can keep the image as small as possible.
This is the primary use case for multi-stage builds.
Which of the following are insecure ways to allow a Docker client to authenticate against a registry that uses a self-signed certificate? (Choose two)
We pass the –insecure-registry flag to the Docker daemon.
We add the registry to insecure-registries in /etc/docker/daemon.json.
We use the –skip-tls flag with docker login.
We add the self-signed certificate as a trusted registry certificate under /etc/docker/certs.d/.
We pass the –insecure-registry flag to the Docker daemon.
We add the registry to insecure-registries in /etc/docker/daemon.json.
^ These methods work and are insecure
What is the term for a package containing all the software that’s needed to run a Docker container?
Kernel
Repository
Package
Image
An image contains the software that’s needed to run a Docker container.
- Image
“An image contains the software that’s needed to run a Docker container.”
How is the ADD directive different from COPY? (Choose two)
The ADD directive can transfer a specific file between build stages.
The ADD directive can pull a file from an external URL.
The ADD directive can extract an archive into the image.
The ADD directive can transfer files over to a specific location inside the image
- The ADD directive can pull a file from an external URL.
“The ADD directive can pull from a URL while COPY cannot.”
- The ADD directive can extract an archive into the image.
“The ADD directive can extract archives while COPY cannot.”
Describe what the RUN directive does.
The RUN directive executes a command on the host when building an image.
The RUN directive sets the default command for the image.
The RUN directive executes a command and commits the resulting changed files as a new layer in the image.
The RUN directive automatically runs a command when a new container gets created.
- The RUN directive executes a command and commits the resulting changed files as a new layer in the image.
“This accurately describes what RUN does.”
What is the primary purpose of a Docker registry?
It provides a central location for storing and distributing images.
It builds images.
It stores and organizes Dockerfiles.
Scan images for vulnerabilities.
It provides a central location for storing and distributing images.
“This is what a Docker registry does.”
What does the FROM directive do?
It indicates the build location of where the image is.
It pulls a file from an external source into the image.
It sets the working directory of containers ran using the image.
It sets a base image that can be used as a platform to begin builds.
It sets a base image that can be used as a platform to begin builds.
The FROM directive sets the base image.
Which of the following is true about the creation of private Docker registries?
We need Docker Trusted Registry (DTR) present if we want to generate a private registry.
We can create our own registry by running a container with the registry image.
We cannot secure a private registry in Docker Community Edition (CE).
We need a Docker EE license to have our own private registry created.
We can create our own registry by running a container with the registry image.
“Running this image will create a private Docker registry.”
Which of the following Kubernetes Node taint effects would evict existing Pods that do not tolerate the taint bearing that effect?
NoContainer
PreferNoSchedule
NoExecute
NoSchedule
NoExecute
“NoExecute evicts existing Pods from the Node.”
In Kubernetes, Which of the following is needed in order to expand a PersistentVolumeClaim?
A Storage driver that supports volume expansion.
A StorageClass with allowVolumeExpansion=true.
A StorageClass with expandable=true.
A PersistentVolume with allowVolumeExpansion=true.
A StorageClass with allowVolumeExpansion=true.
“In order to expand a PersistentVolumeClaim, the StorageClass must have allowVolumeExpansion set to true.”
Kelly has a Docker swarm cluster with –autolock enabled. One of her manager nodes has become locked, and she has lost the unlock key. Fortunately, there are still some swarm nodes that are not locked. How can she obtain the unlock key from one of the unlocked nodes?
Kelly can use the docker swarm key print command.
Kelly can use the docker swarm unlock-key command.
Kelly can look in the file located at /etc/docker/swarm/unlock.key.
Kelly can use the docker swarm unlock command.
Kelly can use the docker swarm unlock-key command.
“This command will retrieve the unlock key from a manager node that is currently not locked.”
Where can you add volumes to a Pod in Kubernetes?
The Pod specification.
The Pod metadata.
The Pod template in a Service specification.
the Container Specification.
The Pod specification.
“Volumes are listed in the PodSpec.”
We have some containerized software that needs to have a reference to the hostname of the node that the software is running on. Which of the following commands will let us pass the node hostname as an environment variable into each task in a service?
docker service create –env NODE_HOSTNAME=”{{.Node.Hostname}}” nginx
docker service create –pass-node-hostname=true nginx
docker service create -e NODE_HOSTNAME nginx
docker service create –env NODE_HOSTNAME=”{{Hostname}}” nginx
docker service create –env NODE_HOSTNAME=”{{.Node.Hostname}}” nginx
“This command will create an environment variable in each task that contains the node hostname.”
How would we back up the metadata for Docker Swarm?
We can run the swarm image with the backup command.
We can back up the contents of /etc/docker/swarm.
We can back up the contents of /usr/local/swarm.
While the Docker daemon stops, we can back up the contents of /var/lib/docker/swarm on a Swarm manager.
While the Docker daemon stops, we can back up the contents of /var/lib/docker/swarm on a Swarm manager.
“We can back up Docker Swarm metadata by backing up the contents of this directory.”
What should we use if we need to run multiple copies of a single image in a swarm?
We should use a task.
We should use a service.
We should use a stack.
We should run the docker-compose command.
We should use a service.
“Services are used to run multiple replicas that use the same image.”
Which of the following commands will evenly spread out tasks based upon the values of a node label?
docker service create –constraint spread=node.labels.availability_zone nginx
docker service create –placement-pref spread=node.labels.availability_zone nginx
docker service create –placement-pref spread nginx
docker service create –placement-pref even-spread=node.labels.availability_zone nginx
docker service create –placement-pref spread=node.labels.availability_zone nginx
“This command will evenly spread out tasks based upon the values of the availability_zone label.”
You have a web application frontend that will need to be accessed by users, and a backend database that will be accessed by the frontend Pods. Both of these components are running within your Kubernetes cluster. Which Service types should you use to expose the web frontend and the backend database, respectively?
NodePort, ClusterIP
ClusterIp for both.
NodePort for both.
ClusterIP, NodePort
NodePort, ClusterIP
You can use a NodePort Service to allow users to access the frontend, while a ClusterIP Service exposes the backend database to other pods within the cluster.
Sally wants to prevent Docker Swarm encryption keys from being stored insecurely on her swarm managers. How can she tackle enforcing a lock on the swarm cluster?
The auto-lock feature must be turned on when the cluster is initialized and cannot be enabled after the fact.
Sally cannot do this because Docker does not offer this functionality.
Sally can use the –autolock=true flag with the docker swarm update command.
Sally can locate the critical files after the installation and delete them.
Sally can use the –autolock=true flag with the docker swarm update command.
“This command will turn on –autolock, ensuring that managers will be automatically locked whenever the Docker daemon restarts.”
How would we rotate a docker swarm unlock-key and ensure that all nodes receive the new key?
We can use the docker swarm unlock command.
We would run the docker swarm unlock-key –rotate command on one manager node.
We would run the docker swarm unlock-key –rotate command on all manager nodes.
We would generate a new key and save it in a file located at /etc/docker/swarm/unlock.key.
We would run the docker swarm unlock-key –rotate command on one manager node.
This command will automatically rotate the key and handle all orchestration between nodes.
Which of the following scenarios would still allow the quorum to complete maintenance in a swarm cluster? (Choose two)
A 3-node cluster with 2 nodes down.
A 7-node cluster with 3 nodes down.
A 4-node cluster with 2 nodes down.
A 3-node cluster with 1 node down.
A 7-node cluster with 3 nodes down.
“More than half of the nodes are still up, so the quorum is maintained in this scenario.”
A 3-node cluster with 1 node down.
“More than half of the nodes are still up, so the quorum is maintained in this scenario.”
Which of the following commands will allow us to add a label to a Docker Swarm node?
docker node update –label-add
docker node tag
docker node update –labels
docker label add
docker node update –label-add
“This command will add a label to the node.”
Which devicemapper mode should we use for a production environment?
loop-lvm
direct-lvm
block storage
overlay2
direct-lvm
“We should use direct-lvm mode in a production environment.”
Which of the following commands may result in the creation of a new named volume?
docker run -v my-vol:/tmp nginx
docker run -v /my-vol:/tmp nginx
docker run -v /my-vol:/tmp:create nginx
docker run –mount source=/my-vol,destination=/tmp nginx
docker run -v my-vol:/tmp nginx
“This command will create a new volume called my-vol if one does not already exist under that name.”
Which of the following is true of filesystem storage models? (Choose two)
They are efficient with write-heavy workloads.
They store data in regular files on the host machine.
They use an external, object-based store.
They are used by overlay2 and aufs.
The overlay2 and aufs storage drivers both use filesystem storage models.
- They store data in regular files on the host machine.
“Filesystem storage models simulate a file system and store the data in regular files onto the host machine.”
- They are used by overlay2 and aufs.
“The overlay2 and aufs storage drivers both use filesystem storage models.”
Which of the following commands would we use to retrieve a list of volumes on the current machine?
docker volume ps
docker volume rm
docker volume ls
docker volume inspect
docker volume ls
“This command will return a list of volumes on the current machine.”
Which of the following commands can we use to locate the actual files that store a container’s internal data?
docker volume ls
docker container inspect
docker image inspect
docker container volume ls
docker container inspect
“This command will return the container metadata, including the location of its data on the host.”
When creating a container, how would we specify that the container should be attached to an existing network called my-network?
We can use docker run –network-alias web nginx.
We can use docker run -n my-network nginx.
We can use docker run –attach my-network nginx.
We can use docker run –network my-network nginx.
We can use docker run –network my-network nginx.
“This command will attach the container to an existing network called my-network.”
Which component of the Docker Container Networking Model (CNM) is responsible for allocating IP addresses within Docker networks?
A Docker Swarm manager is responsible.
The Docker network is responsible.
The network driver is responsible.
The IP Address Management (IPAM) Driver is responsible.
The IP Address Management (IPAM) Driver is responsible.
“The IPAM driver handles IP allocation”
When creating an overlay network, what flag can we use to allow containers to attach to the network after it is created?
–attachable
–network-driver attachable
–open true
–attach=true
–attachable
“After the creation of the overlay network, the –attachable flag will allow containers to attach to the network.”
Which of the following commands will publish a service’s port, but only on nodes that are running a task for that service?
docker service create -p mode=ingress,published=8082,target=80 nginx
docker service create -p 8080:80 nginx
docker service create -p 8080:80 –mode host nginx
docker service create -p mode=host,published=8082,target=80 nginx
docker service create -p mode=host,published=8082,target=80 nginx
“Host publishing mode only publishes ports on nodes that are running a task for the service.”
Which of the following tasks can we perform to set a custom DNS server for a container?
We can use the –nameserver flag with docker run.
We can use the –dns flag with docker run.
We can set “dns” in /etc/docker/daemon.json.
We can use the –dns-override flag with docker run.
We can use the –dns flag with docker run.
“This method would allow us to set a custom DNS server for the container.”
Which of the following is a valid method that we can use for setting the default DNS server for all containers on a host?
We can use docker config set dns.
We can use the –dns flag with docker run.
We can set “dns” in /etc/docker/daemon.json.
We can edit the /etc/hosts file on the host.
We can set “dns” in /etc/docker/daemon.json.
“This method will set the default DNS for all containers on the host.”
What component of the Docker Container Networking Model (CNM) refers to a collection of endpoints that can communicate with one another?
Network
Network device
IP Address Management (IPAM) Driver
Sandbox
Network
A network is a bridge that allows endpoints plus containers to communicate with one another.
Which of the following is true of a service that has a port published in ingress mode?
The service will listen on all nodes on the cluster.
The service will only listen on a manager.
The service will only listen on worker nodes that are running the service’s tasks and manager nodes.
The service will only listen on nodes that are running tasks associated with the service.
The service will listen on all nodes on the cluster.
“With ingress mode services listen on all nodes in the cluster.”
Which of the following statements about grants in the Universal Control Plane (UCP) is accurate?
Each grant refers to one or more roles.
A grant provides permissions concerning precisely one object.
Grants can give permissions to a user, team, or organization.
Grants give permissions to a subject, which consists of a user, team, or organization.
For each user, only one grant may be assigned.
Grants can give permissions to a user, team, or organization.
“Grants give permissions to a subject, which consists of a user, team, or organization.”
Tracy has a Docker Trusted Registry (DTR), and her development team has been mistakenly overwriting images in a repository by pushing a different image with an existing tag. How can she prevent this from happening?
Tracy can remove the team’s access to the registry.
Tracy can make the repository private.
Tracy can back up the registry.
Tracy can mark the repository as immutable.
Tracy can mark the repository as immutable.
“Marking the repository as immutable will prevent her team from overwriting existing tags.”
What is the name of Docker feature that enables us to sign images and verify image signatures before running them?
Docker Image Trust
Docker registry
Docker Content Trust
Docker Trusted Registry
Docker Content Trust
“Docker Content Trust allows us to sign images and verify signatures before running them.”
How can we provide custom certificates to the Universal Control Plane (UCP) and Docker Trusted Registry (DTR)?
We must supply the certificates during the UCP and DTR installation process.
We can push new certificates via the UCP web API.
We can upload certificates via the UCP and DTR web UIs.
docker ucp config –cert
We can upload certificates via the UCP and DTR web UIs.
“We can upload certificates in the administrative settings section for both UCP and DTR.”
How can you enable Docker Content Trust (DCT) in Docker Community Edition (CE)?
Set the CONTENT_TRUST environment variable to 1.
Set the DOCKER_CONTENT_TRUST environment variable to 1.
Set “content-trust”: true in /etc/docker/daemon.json.
Pass the –content-trust flag to dockerd.
Set the DOCKER_CONTENT_TRUST environment variable to 1.
Setting this environment variable to 1 will enable DCT.
Which command allows us to create an encrypted overlay network?
docker network create –opt encrypted my-net
docker network create –opt encrypted –driver overlay my-net
docker network create –encrypted –driver overlay my-net
docker network create –secure –driver overlay my-net
docker network create –opt encrypted –driver overlay my-net
“This command will create an encrypted overlay network.”
What is an easy way to configure a client to communicate with Universal Control Plane (UCP) using client certificates?
We can execute the docker login command.
docker ucp login
We can log into UCP via a browser.
We can download and use a client bundle.
We can download and use a client bundle.
“Client bundles provide client certificates for authenticating with UCP.”
Given Docker’s architecture and built-in security features, which of the following security scenarios should we be concerned about the most?
If an attacker gains control of a container, they could use it to affect other containers on the same host directly.
An attacker may intercept swarm-level traffic between swarm nodes and obtain sensitive information from the data.
If an attacker gains access to the Docker daemon, they could use it to execute commands as root on the host.
An attacker could set up a false machine under their control and join it to the swarm cluster to steal sensitive data, causing containers with sensitive data to execute on a fake device.
If an attacker gains access to the Docker daemon, they could use it to execute commands as root on the host.
The Docker daemon must run as root, so it is essential to ensure that it’s being protected and has limited access to it.
Which statements best describes Docker Enterprise?
Docker Enterprise provides a consistent and secure end-to-end application pipeline, choice of tools and languages, and globally consistent Kubernetes environments that run in any cloud.
Docker Enterprise enables deploying highly available workloads using Docker Swarm only.
Docker Enterprise automates many of the tasks that orchestration requires, like provisioning pods, containers, and cluster resources.
Self-healing components ensure that Docker Enterprise clusters remain highly available.
Docker Enterprise provides a consistent and secure end-to-end application pipeline, choice of tools and languages, and globally consistent Kubernetes environments that run in any cloud.
Docker Enterprise automates many of the tasks that orchestration requires, like provisioning pods, containers, and cluster resources.
Self-healing components ensure that Docker Enterprise clusters remain highly available.
Which of the below statements are true?
Docker CE or Docker Community Edition is the open-source and free version of Docker.
Docker CE needs a license key (or) file to activate it.
Both Docker Community Edition and Docker Enterprise Edition have the same core features and functions. Docker Enterprise Edition comes with additional support for IT teams to build, share and run business-critical applications at scale.
The only difference between Docker CE and Docker EE is that Docker EE comes with a dedicated support team
Docker CE or Docker Community Edition is the open-source and free version of Docker.
Both Docker Community Edition and Docker Enterprise Edition have the same core features and functions. Docker Enterprise Edition comes with additional support for IT teams to build, share and run business-critical applications at scale.
Docker Engine Enterprise is a hardened and secure version of Docker Engine.
True
False
True
Which of the following are the features of Docker Enterprise Edition?
Security & Access Control Universal Control Plane & Trusted Registry Source Code Management Docker Swarm Service Kubernetes Service
Security & Access Control
Universal Control Plane & Trusted Registry
Docker Swarm Service
Kubernetes Service
Docker Enterprise cluster can only be provisioned on public cloud platforms.
True
False
False
You can download your Docker EE license by navigating to the “My Content” page on Docker Store.
True
False
True
…. is the enterprise-grade cluster management platform from Docker. You install it on-premises or in your virtual private cloud, and it helps you manage your Docker cluster and applications through a single interface.
Universal Control Plane (UCP)
Docker Enterprise Edition
Docker Community Edition
Docker Trusted Registry (DTR)
Universal Control Plane (UCP)
… is a combination of multiple enterprise-grade tool sets which include Docker Engine Enterprise as well as container orchestration and registry tools.
Universal Control Plane (UCP)
Docker Enterprise Edition
Docker Community Edition
Docker Trusted Registry (DTR)
Docker Enterprise Edition
… is the enterprise-grade image storage solution from Docker. You install it behind your firewall so that you can securely store and manage the Docker images you use in your applications.
Universal Control Plane (UCP)
Docker Enterprise Edition
Docker Community Edition
Docker Trusted Registry (DTR)
Docker Trusted Registry (DTR)
Docker EE license subscription includes …. product.
Universal Control Plane (UCP)
Docker Trusted Registry (DTR)
Docker Engine – Enterprise with enterprise-grade support
Docker Engine – Community Edition
Universal Control Plane (UCP)
Docker Trusted Registry (DTR)
Docker Engine – Enterprise with enterprise-grade support
…. is one of the system requirements for UCP.
The nodes must be Linux Kernel version 3.10 or higher
Each node must be configured with a static ip address
User namespaces should not be configured on any node
all nodes must have Docker Engine Enterprise installed
The nodes must be Linux Kernel version 3.10 or higher
Each node must be configured with a static ip address
User namespaces should not be configured on any node
all nodes must have Docker Engine Enterprise installed
User namespaces should not be configured on any node as they are not currently supported in UCP.
True
False
True
With …, you can manage all of the computing resources you have available, like nodes, volumes, and networks from a centralized place.
Universal Control Plane (UCP)
Docker Enterprise Edition
Docker Community Edition
Docker Trusted Registry (DTR)
Universal Control Plane (UCP)
DTR is highly available through the use of multiple replicas of all containers and metadata such that if a machine fails, DTR continues to operate and can be repaired.
True
False
True
Docker enterprise is the only platform that supports both Docker swarm and Kubernetes on the same cluster.
True
False
True
Which command can be used to verify the installed docker is a CE or EE?
docker container ls
docker version
docker –version
None of the above
docker version
Which of the following need to be installed in order to provision the Docker EE infrastructure?
Docker Enterprise Engine should be installed on every node inside your Docker EE setup
A MongoDB database should be pre-provisioned prior to installing Docker EE
Install the Universal Control Plane (UCP)
Install the Docker Trusted Registry (DTR)
Docker Enterprise Engine should be installed on every node inside your Docker EE setup
Install the Universal Control Plane (UCP)
Install the Docker Trusted Registry (DTR)
Which of the following are the major components of Docker Engine – Enterprise?
A server which is a type of long-running program called a daemon process (the dockerd command).
A REST API which specifies interfaces that programs can use to talk to the daemon and instruct it what to do.
A command-line interface (CLI) client (the docker command).
A server which is a type of long-running program called a daemon process (the dockerd command).
A REST API which specifies interfaces that programs can use to talk to the daemon and instruct it what to do.
A command-line interface (CLI) client (the docker command).
Docker Engine – Enterprise can only be installed on linux distros.
True
False
False
To install Docker Enterprise, you will need the URL of the Docker Enterprise repository associated with your trial or subscription.
True
False
True
Which command can be used to start the docker ee service on a systemctl configured system?
sudo systemctl start docker-ee
sudo systemctl start docker
sudo systemctl docker start
sudo systemctl docker-ee start
sudo systemctl start docker
What is the command to show the installed version of “Docker Enterprise” Server and Client?
docker version
docker –version
docker -V
docker -v
docker version
Which of the below statements best describe the Universal Control Plane (UCP)?
UCP manages your Docker cluster and applications through a single interface.
Universal Control Plane (UCP) is the enterprise-grade cluster management solution from Docker.
UCP stores and manages images used by applications
UCP has its own built-in authentication mechanism and integrates with LDAP and AD services.
Universal Control Plane (UCP) is the enterprise-grade cluster management solution from Docker.
UCP has its own built-in authentication mechanism and integrates with LDAP and AD services.
UCP provides a simple and easy-to-use GUI to manage your applications.
True
False
True
Which of the following features does UCP provide?
Centralized Cluster Management
Deploy, manage and monitor workload
Built-in security and access control
Issue Tracker
Source Code Management
Centralized Cluster Management
Deploy, manage and monitor workload
Built-in security and access control
What are the minimum hardware requirements to install UCP?
4GB RAM, 2vCPUs and 10GB disk space for the /var partition for manager nodes, 2GB RAM and 500MB disk space for the /var partition for worker nodes
8GB RAM, 2vCPUs and 10GB disk space for the /var partition for manager nodes, 4GB RAM and 500MB disk space for the /var partition for worker nodes
8GB RAM, 2vCPUs and 10GB disk space for the /var/lib/docker partition for manager nodes, 4GB RAM and 500MB disk space for the /var/lib/docker partition for worker nodes
4GB RAM, 2vCPUs and 10GB disk space for the /var/lib/docker partition for manager nodes, 2GB RAM and 500MB disk space for the /var/lib/docker partition for worker nodes
8GB RAM, 2vCPUs, and 10GB disk space for the /var partition for manager nodes
4GB RAM and 500MB disk space for the /var partition for worker nodes
Which of the following are the prerequisites to install UCP for linux?
The nodes must be Linux Kernel version 3.10 or higher.
Each node must be configured with a static ip address.
Ensure they are configured with an NTP server to sync time.
User namespaces should be configured on every node.
All nodes must have Docker Engine Enterprise installed.
The nodes must be Linux Kernel version 3.10 or higher.
Each node must be configured with a static ip address.
Ensure they are configured with an NTP server to sync time.
All nodes must have Docker Engine Enterprise installed.
Which of the following are the components deployed on the manager node by UCP?
ucp-controller ucp-metric ucp-proxy ucp-auth-api ucp-agent
ucp-controller
ucp-auth-api
Which of the following are the components deployed by UCP on worker nodes?
ucp-agent
ucp-metric
ucp-proxy
ucp-auth-api
ucp-agent
ucp-proxy
Which of the following steps are required to add a worker node to a UCP cluster?
Make sure Docker EE is up and running and Pull the UCP image from the registry
Set the Admin Username and Password for UCP Console
Login to the Browser and provide the downloaded Docker EE License
Add more managers and workers as per requirement
Make sure Docker EE is up and running and Pull the UCP image from the registry
Set the Admin Username and Password for UCP Console
Login to the Browser and provide the downloaded Docker EE License
Add more managers and workers as per requirement
UCP works with Docker swarm under the hoods.
True
False
True
When a new node is added to the cluster the ucp-agent is deployed there and it automatically configures the node to work with UCP.
True
False
True
UCP has its own built-in authentication mechanism and integrates with LDAP and AD services.
True
False
True
When UCP is deployed it creates a replicated service called ucpagent.
True
False
False
When a new node is added to the cluster, an ucp-agent is deployed there.
True
False
True
Which component is responsible to serve the UCP components such as the web ui, the authentication api,metrics server, proxy and data stores used by UCP in the form of containers?
UCP Agent
Docker Enterprise Edition
Docker Community Edition
Docker Trusted Registry (DTR)
UCP Agent
We can interact with UCP from the GUI only.
True
False
False
One of the prerequisites to install the UCP is make sure that the Docker CE is up and running.
True
False
False
Which of the following steps are required to add a worker node?
Provision a node and Install Docker enterprise engine on it.
Run the <code>docker swarm join</code> command to join the new node to the cluster.
Deploy an instance of the ucp-agent on the new node.
ucp-agent then installs the necessary components on the worker node.
Provision a node and Install Docker enterprise engine on it.
Run the <code>docker swarm join</code> command to join the new node to the cluster.
ucp-agent then installs the necessary components on the worker node.
The ucp-agent installs the necessary components on the worker node automatically after a new node joins the cluster.
True
False
True
ucp-agent is configured as a global service.
True
False
True
Docker Trusted Private Registry stores Docker Images in a highly secure manner with additional features like Image signing, and Image scans etc.
True
False
True
Which of the following statements best describe Docker Trusted Registry (DTR)?
Docker Trusted Registry (DTR) is Mirantis’s enterprise-grade image storage solution.
Images stored on DTR can only be accessed from within the Docker EE Cluster
DTR provides a secure environment on which users can store and manage Docker images.
DTR should be installed only on a worker node that is managed by UCP
Docker Trusted Registry (DTR) is Mirantis’s enterprise-grade image storage solution.
DTR provides a secure environment on which users can store and manage Docker images.
DTR should be installed only on a worker node that is managed by UCP
What are the features of Docker Trusted Registry (DTR)?
Built-in Access Control
Image and Job Management
Automated image builds
Security Scanning
Dockerfile management in SCM
Image Signing
Built-in Access Control
Image and Job Management
Security Scanning
Image Signing
What is a recommended approach to deploying DTR?
Deploy a single instance of DTR.
Deploy at least 2 instances of DTR to support high availability.
Deploy at least 3 instances of DTR to support high availability.
Deploy at least 3 instances of DTR to support high availability.
DTR is able to reduce the bandwidth used when pulling Docker images by caching images closer to users.
True
False
True
Docker Trusted Registry (DTR) is a containerized application that runs on a Docker Universal Control Plane cluster.
True
False
True
To install DTR, all nodes must _______ and ____________.
Be a worker node managed by UCP
Be a manager node managed by UCP
Have a fixed hostname
Have at least 200 GB of disk space
Be a worker node managed by UCP
Have a fixed hostname
What are the minimum hardware requirements to install DTR?
4GB RAM, 2vCPUs, and 200GB of free disk space.
8GB RAM, 2vCPUs, and 200GB of free disk space.
16GB RAM, 2vCPUs, and 10GB of free disk space.
8GB RAM, 2vCPUs, and 10GB of free disk space.
16GB RAM, 2vCPUs, and 10GB of free disk space.
What are the recommended hardware requirements to install DTR?
16GB RAM, 2vCPUs and 100GB of free disk space.
16GB RAM, 4vCPUs and 25-100GB of free disk space.
8GB RAM, 4vCPUs and 25-100GB of free disk space.
8GB RAM, 2vCPUs and 100GB of free disk space.
16GB RAM, 4vCPUs, and 25-100GB of free disk space.
DTR and UCP must be installed on the same node.
True
False
False
DTR also supports RBAC for access control.
True
False
True
… is a private image registry/repository that can be deployed within your organization to store images securely.
DTR
UCP
UCP Agent
None of the above
DTR
DTR can only be installed on-premises, and not on virtual private cloud.
True
False
False
DTR has a web user interface that allows authorized users in your organization to browse Docker images and review repository events.
True
False
True
Which image is used to deploy the dtr?
dtr
docker/dtr
ucp
docker/ucp
docker/dtr
What is the type and the name of the network of the DTR deployment?
overlay/dtr
overlay/dtr-ol
bridge/dtr
bridge/dtr-ol
overlay/dtr-ol
By default, the docker registry stores the images you push to it in an NFS shared storage.
True
False
False
You can interact with the UCP either through the UCP GUI Console or through the CLI.
True
False
True
Which of the following statements are true about deploying workload via GUI on UCP Cluster?
The Docker swarm section in the UI helps create swam services by specifying the image details, scheduling, network, environment, resource, and logging configuration.
UCP only supports deploying workloads on Docker Swarm
UCP only supports deploying workloads on External Kubernetes Clusters
The Kubernetes section in the UI helps create Kubernetes objects such as PODs, services, ingress, controllers such as replicasets, deployments, daemonsets, statefulsets, job or cron jobs as well as service accounts or storage.
The Docker swarm section in the UI helps create swam services by specifying the image details, scheduling, network, environment, resource, and logging configuration.
The Kubernetes section in the UI helps create Kubernetes objects such as PODs, services, ingress, controllers such as replicasets, deployments, daemonsets, statefulsets, job or cron jobs as well as service accounts or storage.
Which of the following statements are true about deploying workload via CLI on UCP Cluster?
With CLI you may use the docker command-line interface to interact with the UCP cluster.
CLI access doesn’t require authentication to the UCP Cluster.
CLI access requires authentication to the UCP Cluster.
Download the certificate from UCP Console and copy this over to the server from where you’d like to access and extract it to a path.
With CLI you may use the docker command-line interface to interact with the UCP cluster.
CLI access requires authentication to the UCP Cluster.
Download the certificate from UCP Console and copy this over to the server from where you’d like to access and extract it to a path.
You can interact with the UCP through the CLI.
True
False
True
