Docker Associate Exam
Which of the following patterns would exclude all Python byte-code files from being copied during the Docker image creation process?
** / .pyc
Which of the following patterns would exclude all Python byte-code files from being copied during the Docker image creation process?
**/*.pyc
Which of the following flags can be used with "docker build" command so that it never uses cached layer during the build steps.
--no-cache
Which of the following is a valid flag to not use cache while doing a docker build?
--no-cache --no-cache=true
Which of the following is NOT true about dockerignore?
.dockerignore is available only with docker enterprise edition
What would be the runtime working directory of a container built from the following Docker file? From Alpine WORKDIR /a WORKDIR /b WORKDIR c CMD pwd
/b/c
You are running UCP service on a swarm with 3 managers and 2 workers. You need to schedule a backup policy for your UCP service. How many nodes you need to fully back up this service?
1
Which of the following scenarios would still allow the quorum to have maintenance in a swarm cluster?
A 3-node cluster with 1 node down. A 7-node cluster with 3 nodes down.
What are the Two types of UCP client bundles?
Admin user certificate bundles and user certificate bundles
One fine morning while configuring docker host bob got stuck with a problem. Docker service just wouldn�t start. After checking logs Bob found the following error. When would an error like this arise? unable to configure the Docker daemon with file /etc/docker/daemon.json: the following directives are specified both as a flag and in the configuration file: hosts: (from flag: [unix:///var/run/docker.sock], from file: [tcp://127.0.0.1:23]
After configuring the same flag in both daemon.json and dockerd flags
By default, all containers on the same Docker network (multi-host swarm scope or local scope) have connectivity with each other on _____ ports.
All
What are the requirements to install Docker Trusted Registry?
All nodes must be a work node managed by UCP, can be in premise or on cloud, must have fixed hostnames
What are the requirements to install Docker Trusted Registry (DTR)? (Select all that apply)
All nodes must have a fixed hostname DTR can be installed on-premises or on a cloud provider All nodes must be a worker node managed by Universal Control Pla
Which of the following statements is NOT TRUE about replicated service in docker? For replicated services you can specify number of replica tasks If you don't specify a mode, the service defaults to replicated A service running in a replicated mode may not run in all nodes A replicated service, the scheduler places one task on each available that meets the service's placement constraints and resource requirements
Answer :A replicated service, the scheduler places one task on each available that meets the service's placement constraints and resource requirements
what is the correct way to backup Docker EE components?
Backup Swarm, UCP, and then DTR
Bob has configured his docker daemon to use syslog log driver by default, how can he run a container which uses json-file log driver?
By using "--log-driver json-file" along with docker run
Bob has configured his docker daemon to use syslog log driver by default, how can he run a container which uses json-file log driver?
By using "--log-driver json-file"along with docker run
You have the following values in your Dockerfile ENV abc=hello ENV abc=bye def=$abc ENV ghi=$abc What is the correct output of command 'echo $abc $def $ghi' run inside the container?
Bye hello bye
Danny wants to prevent Docker Swarm encryption keys from being stored insecurely on her swarm managers. how can he tackle enforcing a lock on the swarm cluster?
Danny can use the --autolock=true flag with the docker swarm update command
What are the steps to perform to sign images in a way that UCP trusts them? (select all that apply)
Delegate signing to the keys in your UCP client bundle Initialize trust metadata for the repository Configure Notary client
Bob has username �bob� on his linux system. He did a fresh installation of Docker and he doesn't want to preface docker commands with sudo. To which linux user group should he add himself to achieve that?
Docker
Which docker edition would you choose for obtaining the latest Docker Engine updates?
Docker CE or Docker EE
Where can you get a repository URL for installing Docker Enterprise Edition?
Docker Hub
Which of the following is not backed up when performing a DTR metadata backup?
Docker Images
Which of the following gives a web dashboard to manage docker cluster?
Docker UCP
Which of the following commands can be used to see IPv4 subnet of a network?
Docker network inspect
Which of the following is NOT TRUE about running a stack of services? The docker-compose.yaml file can be used both on docker stack and docker-compose. The docker-compose.yaml file must be version 3.0 or higher in order to use it in a stack. Docker stack can run without docker swarm A stack would run across all nodes on a Swarm, while running on docker-compose would run in a single node, even if it is a swarm node.
Docker stack can run without docker swarm
You created a Docker swarm cluster using �docker swarm init� command. After creating the swarm cluster you got a command using which you could add a worker to your cluster. But you have lost that command and now you want to add new workers to your cluster. How would you do that?
Docker swarm join-token worker
Which of the following is NOT true regarding docker swarm mode? You can deploy both kinds of nodes, managers and workers, using the Docker Engine For each service, you can declare the number of tasks you want to run. When you scale up or down, the swarm manager automatically adapts by adding or removing tasks to maintain the desired state. The swarm manager automatically assigns addresses to the containers on the overlay network when it initializes or updates the application. Docker swarm mode is a plugin which you can install alongside docker to run a cluster of docker engines
Docker swarm mode is a plugin which you can install alongside docker to run a cluster of docker engines
Dockerfile directive that sets up base image
FROM
In Docker security scan result is available in both UCP and DTR.?
False, only DTR
Which of the following statements is NOT TRUE about replicated service in docker? A service running in a replicated mode may not run in all nodes. For replicated services, the scheduler places one task on each available node that meets the service�s placement constraints and resource requirements. (Correct) If you don�t specify a mode, the service defaults to replicated For replicated services you can specify number of replica tasks
For replicated services, the scheduler places one task on each available node that meets the service�s placement constraints and resource requirements.
Which of the following statement is correct? Pick exactly two statements. Options are : If multiple containers are spawned from the same image, then they all use the same copy of image in memory Container can exist without the image but image cannot exist without container Image is a collection of immutable layers whereas container is a running instance of an image
Image is a collection of immutable layers whereas container is a running instance of an image If multiple containers are spawned from the same image, then they all use the same copy of image in memory
Which of the following statement is correct? Pick exactly two statements. Options are : Image is a collection of immutable layers whereas container is a running instance of an image. Container can exist without the image but image cannot exist without container Only one container can be spawned from a given image at a time If multiple containers are spawned from the same image then they all use the same copy of image in memory.
Image is a collection of immutable layers whereas container is a running instance of an image. If multiple containers are spawned from the same image then they all use the same copy of image in memory.
Which of the below statements does not apply to the WORKDIR directive?
It affects only the build and does not impact containers that run from the image.
Which of the following is NOT true about a feature provided by namespace? Options are : Namespaces left different sets of processes see different set of resources Processes running within a container cannot see processes running on host system Processes running within a container cannot see processes running in another container It can help in limiting the memory used by a container
It can help in limiting the memory used by a container
What does the EXPOSE directive do?
It documents ports intended for publishing at the time of running a container.
Which of the following statements truly applies to the ENV directive?
It sets environment variables that are made available in subsequent build steps and to containers at the runtime.
Which of the following is true about Entrypoint of an Image.
It's a command that will be executed anytime a container is created using the image.
Niels has an application that consists of multiple different containers that interact with one another. what should he use to manage this application in a Docker Swarm?
Niels should use a stack
What is the difference between a replicated and a global service?
Number of identical tasks can be specified for a replicated service. There is no pre-specified number of tasks for global service
A global service is a service that runs ____ task/tasks on every node that meet the placement and resource constraints
One
Procedure for backing up UCP metadata
Run a container from the UCP image with the backup command
How to configure the default logging driver?
Set the "log-driver" option in the deamon.json file
What is the recommended approach to set storage driver?
Set the "storage-driver" option in the daemon.json file
What is the correct order a system administrator should follow for creating a backup policy for the Docker Enterprise Edition?
Swarm, ucp, dtr
How is the ADD directive different from COPY ? (Choose two)
The ADD directive can pull a file from an external URL. The ADD directive can extract an archive into the image.
Describe what the RUN directive does?
The RUN directive executes a command and commits the resulting changed file as a new layer in the image
What is the function of docker inspect command?
To return low-level information on Docker objects
what is the difference between UCP workers and managers?
UCP-agent service automatically starts serving all UCP components in manager node, and only a proxy service in worker node
What two ways can you monitor UCP status?
UI and CLI
Where is the option to integrate Docker Enterprise with ldap?
Universal Control Plane
Which of the following tool is used to create users and teams?
Universal Control Plane
What is the correct order to upgrade a Docker cluster?
Upgrade engine and kernel, UCP, and then DTR
You have the following values in your Dockerfile ENV abc=hello ENV abc=bye def=$abc ENV ghi=$abc What is the correct output of command "echo $abc $def $ghi" run inside the container?
bye hello bye
The feature of limiting memory while running a container is provided by which of the following?
cgroups
Bob has username "bob" on his linux system. He did a fresh installation of Docker and he doesn't want to preface docker commands with sudo. To which linux user group should he add himself to achieve that?
docker
what is the command to set DNS server for all Docker Containers?
docker --dns IP_ADRESS
You are in a directory containing a file named Dockerfile-app. You want to build a docker image using this "Dockerfile-app" file without renaming it to "Dockerfile". Which of the following answers is correct?
docker build -f Dockerfile-app
What is the docker command to create container with custom DNS servers?
docker container create --dns=IP_ADDRESS
What command would we use to locate the layered file system data for an image on a machine?
docker image inspect
Which of the following commands can be used to check Entrypoint and CMD of a given docker image?
docker image inspect
What is the docker command to find the current logging driver for running a container?
docker inspect
Which of the following commands can we use to view detailed metadata about a container? (select two)
docker inspect docker container inspect
Which of the following docker command can be used to find out all the ports mapped? (select all that apply).
docker inspect docker ps docker port
What is docker command to see container logs?
docker logs
what is the docker command to display detailed information on one or more networks?
docker network inspect
Which of the following commands can be used to delete an existing image?
docker rmi
Which of the following commands will ensure that a container uses a maximum of 1 GB of active memory?
docker run --memory 1G nginx
which of the following is correct if container exits due to an error, which manifests as a non-zero exit code?
docker run --restart on-failure nginx
Which one is a valid command to run a global service in docker swarm?
docker service create --mode global
Your company needs to run a custom monitoring application published in Docker Hub called "examplecorp/stats-collector". You must ensure this would run in all swarm nodes, regardless how many nodes you currently have or if a new one would join the swarm eventually. This monitoring system requires an environment variable called ENDPOINT_ADDRESS that sends the metrics to an external service hosted at 'service.example.com'. Which of the following commands would accomplish these requirements?
docker service create --name stats-collector --mode=global -e ENDPOINT_ADDRESS="service.example.com" examplecorp/stats-collector
What is the docker command to increase number of replicas?
docker service scale
what is the docker command to add or update a published port?
docker service update --publish-add
what is the docker command to roll back to the previous version of a service?
docker service update --rollback
What is the docker command to add a network to a service?
docker service update -network-add
What is docker command to create swarm?
docker swarm init
What is the docker command to setup a swarm?
docker swarm init
what is the docker command to set up swarm?
docker swarm init
What is the docker command to add a node to a swarm?
docker swarm join
You created a docker swarm cluster using "docker swarm init" After creating the swarm cluster you got a commend using which you could add a worker to your cluster. But you have lost that command and now you want to add new workers to your cluster. How would you do that?
docker swarm join-token worker
Which of the following statement below is NOT TRUE about docker-compose? Options are : docker-compose is well suited for development environments docker-compose can not be used to create new container images docker-compose will bring up services as specified in docker-compose.yml docker-compose can be used with docker swarm to run services across different workers.
docker-compose can be used with docker swarm to run services across different workers.
what is the Docker command to backup UCP?
docker/UCP backup
What is the docker command to backup the UCP?
docker/ucp backup
Given the following Dockerfile below: FROM ubuntu ENTRYPOINT ["exec_entry", "p1_entry"] CMD exec-cmd p1_cmd What is the command that gets executed when someone runs the image built using this Dockerfile?
exec_entry p1_entry /bin/sh -c " exec-cmd p1_cmd "
Given the following Dockerfile below: FROM alpine ENTRYPOINT ["exec_entry", "p1_entry"] CMD ["exec_cmd", "p1_cmd"] What is the command that gets executed when someone runs this image built using this Dockerfile?
exec_entry p1_entry exec_cmd p1_cmd
how do you sign and image before pushing it to repository?
export DOCKER_CONTENT_TRUST=1
What is the endpoint that we can use to check the health of a single UCP manager node?
https://_ping
Fill in the blank: On Linux, Docker manipulates _______ rules to provide network isolation.
iptables
What is the default format of docker inspect output?
json
Bob did a fresh installation of docker on his new linux server. He hasn�t tinkered with anything and has just installed docker packages from official repository. He runs a new container with command "docker run -d nginx" , which logging driver will this container use?
json-file
Network isolation by docker is provided by which one of the following linux kernel features?
namespaces
Which of the following is true about building docker Images?
only layers that have changed since the last build (and any following layers) are built
What are the two types of docker swarm services?
replicated and global services
what does the FROM directive do?
sets base image that can be used as a platform to begin builds
Bob wants to debug some issues happening with his docker daemon running on a linux system, he made some changes to his docker daemon using daemon.json file, now he wants docker to reload those changes but he can�t restart docker because he has something critical running on it, which of the following might help him achieve that?
sudo kill -SIGHUP $(pidof dockerd)
Which of the following namespaces is not enabled by default?
user
Which version of "docker-compose.yml" files can you use with "docker stack" command?
version 3 and above