Docker Associate Certification Flashcards
Revise and prepare for the Docker Associate Certification
1
Q
How can we supply our own certificates for UCP and DTR?
A
We can upload them through the web UIs.
2
Q
What is the CNM concept called that connects a container sandbox to a network?
A
Endpoint
3
Q
What is the recommended method for explicitly setting the storage driver?
A
Using the Docker daemon config file /etc/docker/daemon.json
4
Q
What ‘docker run’ flag is used for automatically deleting a container if it stops?
A
–rm
5
Q
What is a pluggable framework used for various implementations of containers’ internal storage?
A
Storage Drivers
6
Q
What is the docker daemon config file?
A
/etc/docker/daemon.json
7
Q
What flag is used to limit which nodes a service’s task will run on using node labels?
A
–constraint
8
Q
What command would we use to delete a stack?
A
docker stack rm STACK
9
Q
In UCP security a large group of teams that share similar permissions would be called?
A
An organisation
10
Q
What is the docker command used for retrieving detailed information about an object?
A
docker inspect
11
Q
What flag is used for encrypting an overlay network?
A
–opt encrypted
12
Q
What is the name of the type of docker mount that manages the location of the data on the host dynamically?
A
Volume
13
Q
What is a ‘devicemapper’ mode that is intended for testing purposes only?
A
loop-lvm
14
Q
What flag is used for spreading a services task’s evenly based on a node label?
A
–placement-pref spread=LABEL
15
Q
What three main packages are needed for the installation of Docker CE?
A
- docker-ce
- docker-ce-cli
- containerd.io
16
Q
What docker command is used for listing the nodes in a swarm?
A
docker node ls
17
Q
In UCP security, a group of users that share the same set of permissions is known as what?
A
A team
18
Q
What docker command is used for listing all running and stopped containers?
A
docker ps -a
19
Q
What is Docker’s networking architectural framework called?
A
Container Networking Model (CNM)
20
Q
What does docker EE stand for?
A
Docker Enterprise Edition
21
Q
What is the Docker command for service creation?
A
docker service create
22
Q
What is the docker command for stopping a running container?
A
docker container stop CONTAINER
23
Q
What is the network driver called that isolates containers, but provides further networking implementation?
A
none
24
Q
What is the default storage driver for the latest versions of Ubuntu and CentOS called?
A
overlay2
25
What restart policy indicates that a container should be automatically restarted if it exists, regardless of whether it succeeds or fails, and when the docker daemon starts?
always
26
What is the docker daemon flag for setting the storage driver?
--storage-driver
27
What is the network driver called that uses the host's network stack directly with no isolation?
host
28
What command is used for retrieving the 'unlock-key' from an unlocked swarm manager?
docker swarm unlock-key
29
How can we detect vulnerabilites in our software with DTR?
Through the use of image vulnerability scanning, we can detect them.
30
What command can be used for retrieving more information about an image?
docker image inspect
31
What would be the location of trusted certificates in Docker?
/etc/docker/certs.d/
32
What is the non-free version of Docker called?
Docker Enterprise Edition (EE)
33
What is the free, open-source version of Docker called?
Docker Community Edition (CE)
34
What 'devicemapper' mode is recommended for production use?
direct-lvm
35
What 'docker run' flag is used to set a soft limit on memory usage, and when the host runs out of memory?
--memory-reservation
36
What flag can be used to provide a Go template to 'docker inspect' for retrieving specific data?
--format
37
How do we change the default logging driver options?
We can set the "log-opts" value in `/etc/docker/daemon.json`.
38
What command can be leveraged to view how storage is being used by Docker?
docker system df
39
What restart policy indicates that a container must restart if it exits with a non-zero exit code?
on-failure
40
What command can be used to update the number of replicas in a service?
"`docker service update --replicas REPLICAS SERVICE_NAME`
or
`docker service scale SERVICE_NAME=REPLICAS`"
41
What is UCP?
The Universal Control Plane (UCP) is an enterprise-grade Docker and Kubernetes cluster with a web UI and contains additional features.
42
What is the default storage driver for CentOS 7 or earlier called?
devicemapper
43
What is the restart policy that indicates a container should be automatically restarted if it exits, regardless of whether it succeeds or fails, when the docker daemon starts, unless the container is explicitly stopped?
unless-stopped
44
What is the service publising mode that only listens on nodes where the services tasks are running?
host
45
What is the command for creating or updating a stack?
docker stack deploy
46
In UCP security, a subject who can do something, or rather a role that defines what they can do, and the collection of objects that they are allowed to act upon is called?
A grant defines what they can do and the collection of objects that they are allowed to act upon.
47
What flag is used to set the network to a container that it will be attached to?
--network
48
What command can be used to the rotate the 'unlock-key' in a swarm?
docker swarm unlock-key --rotate
49
How can we change the default logging driver?
We can set the "log-driver" value in "etc/docker/daemon.json"
50
What flag is used to set a custom DNS for a container?
--dns
51
What is the storage model called that stores data in regular files on the host file system?
Filesystem storage
52
What volume driver stores data externally using SSH, so it is easily accessed from any node in a cluster?
vieux/sshfs
53
What is the docker run flag for setting a hard upper limit on memory usage?
--memory
54
What is the docker service mode called that runs exactly one replica on each node?
global
55
How would we grant a user access to Docker?
We would add the user to the docker group
56
What is the package that contains all the software and data needed to run a container?
Image
57
What is the command for authenticating with a secure registry?
docker login
58
What is the command for retrieving the current version of docker?
docker version
59
What is a container image that is useful for network troubleshooting?
nicolaka/netshoot
60
What netwrok driver uses virtual bridge interfaces for connecting containers on the same host?
Bridge
61
What would be the number of managers required to maintain quorum?
More than half
62
Where can we retrieve a repository URL for installing Docker EE?
Docker Hub
63
What does MTLS stand for?
Mutually Authenticated Transport Layer Security
64
What command lists images on the host?
docker image ls
65
What docker CNM concept refers to a container's network space in an isolated state?
Sandbox
66
What network driver uses a routing mechanism to connect containers on different hosts?
overlay
67
How can we prevent tags from being overwritten in DTR?
We can make the repository immutable
68
What is the docker swarm node called, that controls the cluster?
A swarm manager
69
What command retrieves container logs from all tasks tied to a service?
docker service logs SERVICE
70
What command adds a label to a node?
docker node update --label-add LABEL NODE_NAME
71
What important data does a backup of the DTR metadata not handle?
Images
72
What is the cluster management solution packaged with Docker called?
Docker Swarm
73
What is the dockerfile directive used to set environment variables called?
ENV
74
What does the IPAM driver stand for?
IP Address Management Driver
75
What is the central location for storing and distributing images called?
The registry is the central location
76
How do we backup DTR images?
We backup the contents of the image volume?
77
What is the docker command that is used to generate a 'join' command that can be run on a worker so that it can join the cluster?
docker swarm join-token worker
78
How do we specify when a container should be automatically restarted with a 'docker run'?
We use the --restart flag
79
What tool is used to run a multi-container appplication on a single host?
Docker compose
80
What is a storage model that stores data in an external, object-based store called?
Object storage
81
How would we run a specific image tag with 'docker run'?
docker run IMAGE:TAG
82
What is the docker command used for container deletion?
docker container rm CONTAINER
83
What is the default restart policy for Docker containers?
no
84
What is the 'docker run' flag for publishing a port?
-p HOST_PORT:CONTAINER_PORT
85
What is the docker command for starting a stopped container?
docker container start CONTAINER
86
What is the name of the docker service mode that runs a specified number of replicas?
Replicated
87
What does the 'docker run -d' command do?
It runs the container in the detached mode ( in the background)
88
How do we enable the auto lock feature in a docker swarm?
We can use the `docker swarm update --autolock=true` command.
89
What does DTR stand for?
Docker Trusted Registry
90
What is the storage model called that uses special block devices to store data?
Block storage
91
What is the name of the kernel feature that Docker uses to enforce resource usage rules?
cgroups
92
What allows us to download a client certificate and configuration scripts from UCP easily?
A client bundle allows us to perform this
93
In UCP security, what defines the specific actions that someone has permission to do as part of a grant?
A role defines specific actions
94
How do we pass commands and arguments to a container with 'docker run'?
docker run IMAGE COMMAND ARGS…
95
What command is used for running a container?
docker run IMAGE
96
What command is used for retrieving container logs?
docker logs CONTAINER
97
In the docker CNM concept: multiple endpoints that can communicate with each other would be known as what?
A network
98
What is the name of the Docker Build that uses multiple 'FROM' directives?
Multi-stage build
99
What is the dockerfile directive for running a command and committing the result?
RUN
100
What flags can override the logging driver configuration of a container?
--log-driver' and '--log-opt'
101
What are flags used for mounting volumes with 'Docker run'?
"`-v`
or
`--mount`"
102
What command can we use to unlock a locked Swarm manager?
docker swarm unlock
103
What is the process of downgrading the Docker Engine?
"1. Stop Docker.
2. Remove packages.
3. Install an older package version."
104
What is the netwrok driver that connects containers to host interfaces but uses unique settings to provide isolation?
macvlan
105
What is the name of the service publishing mode that listens on all nodes?
ingress' mode
106
What is the command for listing all intermediate images?
docker image ls -a
107
What is the kernel feature called that limits what resources a process can see?
Namespaces
108
What does UCP stand for?
Universal Control Plane
109
What is the command for creating a Docker Network?
docker network create
110
What docker command lets us initialise a swarm?
docker swarm init --advertise-addr
111
What is the command for signing and pushing an image?
dokcer trust sign TAG
112
What is a swarm node called that executes the clusters' workloads?
A worker node
113
What is the command for building an image from a Dockerfile?
docker build
114
How would we access the Docker daemon logs?
We would use the `sudo journalctl -u docker` command.
115
How do we inject a container into another container's network sandbox for troubleshooting?
We would use the `--network container:` command.
116
What kernel feature provides granular permission to container processes without the need for 'root' access?
Capabilities
117
What would the process entail for upgrading the Docker Engine?
It would require installing a newer package version.
118
What would be a configuration value that we can use to set a custom default 'DNS' in 'daemon.json'?
"dns"
119
What is it called when we have a collection of multiple services deployed to a swarm as a unit?
Stack
120
What is Docker Trusted Registry (DTR)?
An enterprise-level private registry that consists of a web user interface (UI) and additional features
121
What does 'docker run --name NAME' command do?
It sets the name for the container
122
What command is used for deleting an image?
docker image rm
123
What is a namespace that requires special, advanced configuration before docker can use it?
User
124
What command is used for downloading an image from a registry?
docker pull
125
How would we backup UCP and DTR metadata?
We would run the backup command with the UCP/DTR images.
126
What is the default storage driver for Ubuntu and CentOS 8+?
overlay2
127
What is the Docker config file key called for setting the storage driver?
storage-driver
128
What is the type of Docker mount that mounts a specific directory on the host to a container?
Bind mount
129
What is the pluggable system for managing container logs called?
Logging drivers
130
What is the Dockerfile directive called for specifying a custom command when checking whether the container is healthy?
HEALTHCHECK
131
How would we enable Docker Content Trust (DCT)?
We set the environment variable: `DOCKER_CONTENT_TRUST=1`.
132
What is the Docker restart policy called that indicates whether the container should never be restarted automatically?
no
133
What is the Dockerfile directive for setting the base image?
FROM
134
How would we distribute 7 manager nodes across 3 availability zones?
3-2-2
135
What is the command for automatically deleting unused images?
docker image prune
136
What directory would we backup if we needed to backup Swarm data?
`/var/lib/docker/swarm`
137
What is the Dockerfile directive for setting a default command for containers?
CMD
138
What would we call a collection of replica containers running the same image in a swarm?
A service consists of a collection of replica containers running the same image in a swarm.
139
What is the Docker command for listing any running containers?
docker ps
