Docker Associate Certification

Question 1

How can we supply our own certificates for UCP and DTR?

Answer 1

We can upload them through the web UIs.

Question 2

What is the CNM concept called that connects a container sandbox to a network?

Answer 2

Endpoint

Question 3

What is the recommended method for explicitly setting the storage driver?

Answer 3

Using the Docker daemon config file /etc/docker/daemon.json

Question 4

What ‘docker run’ flag is used for automatically deleting a container if it stops?

Answer 4

–rm

Question 5

What is a pluggable framework used for various implementations of containers’ internal storage?

Answer 5

Storage Drivers

Question 6

What is the docker daemon config file?

Answer 6

/etc/docker/daemon.json

Question 7

What flag is used to limit which nodes a service’s task will run on using node labels?

Answer 7

–constraint

Question 8

What command would we use to delete a stack?

Answer 8

docker stack rm STACK

Question 9

In UCP security a large group of teams that share similar permissions would be called?

Answer 9

An organisation

Question 10

What is the docker command used for retrieving detailed information about an object?

Answer 10

docker inspect

Question 11

What flag is used for encrypting an overlay network?

Answer 11

–opt encrypted

Question 12

What is the name of the type of docker mount that manages the location of the data on the host dynamically?

Answer 12

Volume

Question 13

What is a ‘devicemapper’ mode that is intended for testing purposes only?

Answer 13

loop-lvm

Question 14

What flag is used for spreading a services task’s evenly based on a node label?

Answer 14

–placement-pref spread=LABEL

Question 15

What three main packages are needed for the installation of Docker CE?

Answer 15

1. docker-ce
2. docker-ce-cli
3. containerd.io

Question 16

What docker command is used for listing the nodes in a swarm?

Answer 16

docker node ls

Question 17

In UCP security, a group of users that share the same set of permissions is known as what?

Answer 17

A team

Question 18

What docker command is used for listing all running and stopped containers?

Answer 18

docker ps -a

Question 19

What is Docker’s networking architectural framework called?

Answer 19

Container Networking Model (CNM)

Question 20

What does docker EE stand for?

Answer 20

Docker Enterprise Edition

Question 21

What is the Docker command for service creation?

Answer 21

docker service create

Question 22

What is the docker command for stopping a running container?

Answer 22

docker container stop CONTAINER

Question 23

What is the network driver called that isolates containers, but provides further networking implementation?

Answer 23

none

Question 24

What is the default storage driver for the latest versions of Ubuntu and CentOS called?

Answer 24

overlay2

Question 25

What restart policy indicates that a container should be automatically restarted if it exists, regardless of whether it succeeds or fails, and when the docker daemon starts?

Answer 25

always

Question 26

What is the docker daemon flag for setting the storage driver?

Answer 26

–storage-driver

Question 27

What is the network driver called that uses the host’s network stack directly with no isolation?

Answer 27

host

Question 28

What command is used for retrieving the ‘unlock-key’ from an unlocked swarm manager?

Answer 28

docker swarm unlock-key

Question 29

How can we detect vulnerabilites in our software with DTR?

Answer 29

Through the use of image vulnerability scanning, we can detect them.

Question 30

What command can be used for retrieving more information about an image?

Answer 30

docker image inspect

Question 31

What would be the location of trusted certificates in Docker?

Answer 31

/etc/docker/certs.d/

Question 32

What is the non-free version of Docker called?

Answer 32

Docker Enterprise Edition (EE)

Question 33

What is the free, open-source version of Docker called?

Answer 33

Docker Community Edition (CE)

Question 34

What ‘devicemapper’ mode is recommended for production use?

Answer 34

direct-lvm

Question 35

What ‘docker run’ flag is used to set a soft limit on memory usage, and when the host runs out of memory?

Answer 35

–memory-reservation

Question 36

What flag can be used to provide a Go template to ‘docker inspect’ for retrieving specific data?

Answer 36

–format

Question 37

How do we change the default logging driver options?

Answer 37

We can set the “log-opts” value in /etc/docker/daemon.json.

Question 38

What command can be leveraged to view how storage is being used by Docker?

Answer 38

docker system df

Question 39

What restart policy indicates that a container must restart if it exits with a non-zero exit code?

Answer 39

on-failure

Question 40

What command can be used to update the number of replicas in a service?

Answer 40

“docker service update --replicas REPLICAS SERVICE_NAME
or
docker service scale SERVICE_NAME=REPLICAS”

Question 41

What is UCP?

Answer 41

The Universal Control Plane (UCP) is an enterprise-grade Docker and Kubernetes cluster with a web UI and contains additional features.

Question 42

What is the default storage driver for CentOS 7 or earlier called?

Answer 42

devicemapper

Question 43

What is the restart policy that indicates a container should be automatically restarted if it exits, regardless of whether it succeeds or fails, when the docker daemon starts, unless the container is explicitly stopped?

Answer 43

unless-stopped

Question 44

What is the service publising mode that only listens on nodes where the services tasks are running?

Answer 44

host

Question 45

What is the command for creating or updating a stack?

Answer 45

docker stack deploy

Question 46

In UCP security, a subject who can do something, or rather a role that defines what they can do, and the collection of objects that they are allowed to act upon is called?

Answer 46

A grant defines what they can do and the collection of objects that they are allowed to act upon.

Question 47

What flag is used to set the network to a container that it will be attached to?

Answer 47

–network

Question 48

What command can be used to the rotate the ‘unlock-key’ in a swarm?

Answer 48

docker swarm unlock-key –rotate

Question 49

How can we change the default logging driver?

Answer 49

We can set the “log-driver” value in “etc/docker/daemon.json”

Question 50

What flag is used to set a custom DNS for a container?

Answer 50

–dns

Question 51

What is the storage model called that stores data in regular files on the host file system?

Answer 51

Filesystem storage

Question 52

What volume driver stores data externally using SSH, so it is easily accessed from any node in a cluster?

Answer 52

vieux/sshfs

Question 53

What is the docker run flag for setting a hard upper limit on memory usage?

Answer 53

–memory

Question 54

What is the docker service mode called that runs exactly one replica on each node?

Answer 54

global

Question 55

How would we grant a user access to Docker?

Answer 55

We would add the user to the docker group

Question 56

What is the package that contains all the software and data needed to run a container?

Answer 56

Image

Question 57

What is the command for authenticating with a secure registry?

Answer 57

docker login

Question 58

What is the command for retrieving the current version of docker?

Answer 58

docker version

Question 59

What is a container image that is useful for network troubleshooting?

Answer 59

nicolaka/netshoot

Question 60

What netwrok driver uses virtual bridge interfaces for connecting containers on the same host?

Answer 60

Bridge

Question 61

What would be the number of managers required to maintain quorum?

Answer 61

More than half

Question 62

Where can we retrieve a repository URL for installing Docker EE?

Answer 62

Docker Hub

Question 63

What does MTLS stand for?

Answer 63

Mutually Authenticated Transport Layer Security

Question 64

What command lists images on the host?

Answer 64

docker image ls

Question 65

What docker CNM concept refers to a container’s network space in an isolated state?

Answer 65

Sandbox

Question 66

What network driver uses a routing mechanism to connect containers on different hosts?

Answer 66

overlay

Question 67

How can we prevent tags from being overwritten in DTR?

Answer 67

We can make the repository immutable

Question 68

What is the docker swarm node called, that controls the cluster?

Answer 68

A swarm manager

Question 69

What command retrieves container logs from all tasks tied to a service?

Answer 69

docker service logs SERVICE

Question 70

What command adds a label to a node?

Answer 70

docker node update –label-add LABEL NODE_NAME

Question 71

What important data does a backup of the DTR metadata not handle?

Answer 71

Images

Question 72

What is the cluster management solution packaged with Docker called?

Answer 72

Docker Swarm

Question 73

What is the dockerfile directive used to set environment variables called?

Answer 73

ENV

Question 74

What does the IPAM driver stand for?

Answer 74

IP Address Management Driver

Question 75

What is the central location for storing and distributing images called?

Answer 75

The registry is the central location

Question 76

How do we backup DTR images?

Answer 76

We backup the contents of the image volume?

Question 77

What is the docker command that is used to generate a ‘join’ command that can be run on a worker so that it can join the cluster?

Answer 77

docker swarm join-token worker

Question 78

How do we specify when a container should be automatically restarted with a ‘docker run’?

Answer 78

We use the –restart flag

Question 79

What tool is used to run a multi-container appplication on a single host?

Answer 79

Docker compose

Question 80

What is a storage model that stores data in an external, object-based store called?

Answer 80

Object storage

Question 81

How would we run a specific image tag with ‘docker run’?

Answer 81

docker run IMAGE:TAG

Question 82

What is the docker command used for container deletion?

Answer 82

docker container rm CONTAINER

Question 83

What is the default restart policy for Docker containers?

Answer 83

no

Question 84

What is the ‘docker run’ flag for publishing a port?

Answer 84

-p HOST_PORT:CONTAINER_PORT

Question 85

What is the docker command for starting a stopped container?

Answer 85

docker container start CONTAINER

Question 86

What is the name of the docker service mode that runs a specified number of replicas?

Answer 86

Replicated

Question 87

What does the ‘docker run -d’ command do?

Answer 87

It runs the container in the detached mode ( in the background)

Question 88

How do we enable the auto lock feature in a docker swarm?

Answer 88

We can use the docker swarm update --autolock=true command.

Question 89

What does DTR stand for?

Answer 89

Docker Trusted Registry

Question 90

What is the storage model called that uses special block devices to store data?

Answer 90

Block storage

Question 91

What is the name of the kernel feature that Docker uses to enforce resource usage rules?

Answer 91

cgroups

Question 92

What allows us to download a client certificate and configuration scripts from UCP easily?

Answer 92

A client bundle allows us to perform this

Question 93

In UCP security, what defines the specific actions that someone has permission to do as part of a grant?

Answer 93

A role defines specific actions

Question 94

How do we pass commands and arguments to a container with ‘docker run’?

Answer 94

docker run IMAGE COMMAND ARGS…

Question 95

What command is used for running a container?

Answer 95

docker run IMAGE

Question 96

What command is used for retrieving container logs?

Answer 96

docker logs CONTAINER

Question 97

In the docker CNM concept: multiple endpoints that can communicate with each other would be known as what?

Answer 97

A network

Question 98

What is the name of the Docker Build that uses multiple ‘FROM’ directives?

Answer 98

Multi-stage build

Question 99

What is the dockerfile directive for running a command and committing the result?

Answer 99

RUN

Question 100

What flags can override the logging driver configuration of a container?

Answer 100

–log-driver’ and ‘–log-opt’

Question 101

What are flags used for mounting volumes with ‘Docker run’?

Answer 101

”-v
or
--mount”

Question 102

What command can we use to unlock a locked Swarm manager?

Answer 102

docker swarm unlock

Question 103

What is the process of downgrading the Docker Engine?

Answer 103

“1. Stop Docker.

2. Remove packages.
3. Install an older package version.”

Question 104

What is the netwrok driver that connects containers to host interfaces but uses unique settings to provide isolation?

Answer 104

macvlan

Question 105

What is the name of the service publishing mode that listens on all nodes?

Answer 105

ingress’ mode

Question 106

What is the command for listing all intermediate images?

Answer 106

docker image ls -a

Question 107

What is the kernel feature called that limits what resources a process can see?

Answer 107

Namespaces

Question 108

What does UCP stand for?

Answer 108

Universal Control Plane

Question 109

What is the command for creating a Docker Network?

Answer 109

docker network create

Question 110

What docker command lets us initialise a swarm?

Answer 110

docker swarm init –advertise-addr

Question 111

What is the command for signing and pushing an image?

Answer 111

dokcer trust sign TAG

Question 112

What is a swarm node called that executes the clusters’ workloads?

Answer 112

A worker node

Question 113

What is the command for building an image from a Dockerfile?

Answer 113

docker build

Question 114

How would we access the Docker daemon logs?

Answer 114

We would use the sudo journalctl -u docker command.

Question 115

How do we inject a container into another container’s network sandbox for troubleshooting?

Answer 115

We would use the --network container: command.

Question 116

What kernel feature provides granular permission to container processes without the need for ‘root’ access?

Answer 116

Capabilities

Question 117

What would the process entail for upgrading the Docker Engine?

Answer 117

It would require installing a newer package version.

Question 118

What would be a configuration value that we can use to set a custom default ‘DNS’ in ‘daemon.json’?

Answer 118

“dns”

Question 119

What is it called when we have a collection of multiple services deployed to a swarm as a unit?

Answer 119

Stack

Question 120

What is Docker Trusted Registry (DTR)?

Answer 120

An enterprise-level private registry that consists of a web user interface (UI) and additional features

Question 121

What does ‘docker run –name NAME’ command do?

Answer 121

It sets the name for the container

Question 122

What command is used for deleting an image?

Answer 122

docker image rm

Question 123

What is a namespace that requires special, advanced configuration before docker can use it?

Answer 123

User

Question 124

What command is used for downloading an image from a registry?

Answer 124

docker pull

Question 125

How would we backup UCP and DTR metadata?

Answer 125

We would run the backup command with the UCP/DTR images.

Question 126

What is the default storage driver for Ubuntu and CentOS 8+?

Answer 126

overlay2

Question 127

What is the Docker config file key called for setting the storage driver?

Answer 127

storage-driver

Question 128

What is the type of Docker mount that mounts a specific directory on the host to a container?

Answer 128

Bind mount

Question 129

What is the pluggable system for managing container logs called?

Answer 129

Logging drivers

Question 130

What is the Dockerfile directive called for specifying a custom command when checking whether the container is healthy?

Answer 130

HEALTHCHECK

Question 131

How would we enable Docker Content Trust (DCT)?

Answer 131

We set the environment variable: DOCKER_CONTENT_TRUST=1.

Question 132

What is the Docker restart policy called that indicates whether the container should never be restarted automatically?

Answer 132

no

Question 133

What is the Dockerfile directive for setting the base image?

Answer 133

FROM

Question 134

How would we distribute 7 manager nodes across 3 availability zones?

Answer 134

3-2-2

Question 135

What is the command for automatically deleting unused images?

Answer 135

docker image prune

Question 136

What directory would we backup if we needed to backup Swarm data?

Answer 136

/var/lib/docker/swarm

Question 137

What is the Dockerfile directive for setting a default command for containers?

Answer 137

CMD

Question 138

What would we call a collection of replica containers running the same image in a swarm?

Answer 138

A service consists of a collection of replica containers running the same image in a swarm.

Question 139

What is the Docker command for listing any running containers?

Answer 139

docker ps