Docker Certified Associate DCA Exam Questions

Answer : A

= Provisioning a Docker config object for each environment is a way to provision configuration to containers at runtime. Docker configs allow services to adapt their behaviour without the need to rebuild a Docker image. Services can only access configs when explicitly granted by a configs attribute within the services top-level element.As with volumes, configs are mounted as files into a service's container's filesystem1.Docker configs are supported on both Linux and Windows services2.Reference:Docker Documentation,Configs top-level element

Answer : A

Docker Content Trust (DCT) is a feature that allows users to verify the integrity and publisher of container images they pull or deploy from a registry server, signed on a Notaryserver1. DCT is enabled by setting the environment variable DOCKER_CONTENT_TRUST=1 on the Docker client.When DCT is enabled, the Docker client will only pull, run, or build images that have valid signatures for a specific tag2.However, DCT does not apply to the docker image import command, which allows users to import an image or a tarball with a repository and tag from a file or STDIN3. Therefore, if myorg/myimage:1.0 is unsigned, Docker will not block the docker image import <tarball>myorg/myimage:1.0 command, even if DCT is enabled. This is because the docker image import command does not interact with a registry or a Notary server, and thus does not perform any signature verification. However, this also means that the imported image will not have any trust data associated with it, and it will not be possible to push it to a registry with DCT enabled, unless it is signed with a valid key.Reference:

Content trust in Docker

Automation with content trust

[docker image import]

[Content trust and image tags]

Answer : B

Docker Universal Control Plane (UCP) has its own built-in authentication mechanism and integrates with LDAP services1.It also has role-based access control (RBAC), so that you can control who can access and make changes to your cluster and applications1.However, there is no mention of Docker ID being a supported user authentication method for UCP in the resources provided1234.

Answer : B

= This is not a way to configure the Docker engine to use a registry without a trusted TLS certificate. There is no such option as IGNORE_TLS in the daemon.json configuration file.The daemon.json file is used to configure various aspects of the Docker engine, such as logging, storage, networking, and security1.To use a registry without a trusted TLS certificate, you need to either add the certificate to the trusted root certificates of the system, or configure the Docker engine to allow insecure registries2.To add the certificate to the trusted root certificates, you need to copy the certificate file to the /etc/docker/certs.d/<registry-hostname>/ directory on every Docker host2.To configure the Docker engine to allow insecure registries, you need to add the registry hostname or IP address to the ''insecure-registries'' array in the daemon.json file3. For example:

{ ''insecure-registries'' : [''myregistry.example.com:5000''] }

Note that using insecure registries is not recommended, as it exposes you to potential man-in-the-middle attacks and data corruption3.You should always use a registry with a trusted TLS certificate, or use Docker Content Trust to sign and verify your images4.Reference:

Daemon configuration file | Docker Docs

Verify repository client with certificates | Docker Docs

Test an insecure registry | Docker Docs

Content trust in Docker | Docker Docs

Answer : A

In the context of a swarm mode cluster, an instance of the Docker engine participating in the swarm is indeed a node1.A node can be either a manager or a worker, depending on the role assigned by the swarm manager2.A manager node handles the orchestration and management of the swarm, while a worker node executes the tasks assigned by the manager2.A node can join or leave a swarm at any time, and the swarm manager will reconcile the desired state of the cluster accordingly1.Reference:

1: Swarm mode overview | Docker Docs

2: Manage nodes in a swarm | Docker Docs

Answer : B

Explore

The creation of a persistentVolumeClaim with a specified pre-defined provisioner is not sufficient for Kubernetes to dynamically provision a persistentVolume. There are otherfactors and configurations that need to be considered and set up, such as storage classes and the appropriate storage provisioner configurations.A persistentVolumeClaim is a request for storage by a user, which can be automatically bound to a suitable persistentVolume if one exists or dynamically provisioned if one does not exist1.A provisioner is a plugin that creates volumes on demand2.A pre-defined provisioner is a provisioner that is built-in or registered with Kubernetes, such as aws-ebs, gce-pd, azure-disk, etc3. However, simply specifying a pre-defined provisioner in a persistentVolumeClaim is not enough to trigger dynamic provisioning.You also need to have a storage class that defines the type of storage and the provisioner to use4.A storage class is a way of describing different classes or tiers of storage that are available in the cluster5.You can create a storage class with a pre-defined provisioner, or use a default storage class that is automatically created by the cluster6. You can also specify parameters for the provisioner, such as the type, size, zone, etc.of the volume to be created7. To use a storage class for dynamic provisioning, you need to reference it in the persistentVolumeClaim by name, or use the special value '''' to use the default storage class. Therefore, to enable dynamic provisioning, you need to have both a persistentVolumeClaim that requests a storage class and a storage class that defines a provisioner.Reference:

Persistent Volumes

Dynamic Volume Provisioning

Provisioner

Storage Classes

Configure a Pod to Use a PersistentVolume for Storage

Change the default StorageClass

Parameters

[PersistentVolumeClaim]

I also noticed that you sent me two images along with your question. The first image shows the Kubernetes logo, which consists of seven spokes connected to a central hub, forming an almost circular shape. The logo is blue and placed on a white background. It's encapsulated within a hexagonal border. The second image shows a diagram of the relationship between persistent volumes, persistent volume claims, and pods in Kubernetes. It illustrates how a pod can use a persistent volume claim to request storage from a persistent volume, which can be either statically or dynamically provisioned. The diagram also shows how a storage class can be used to define the type and provisioner of the storage. I hope this helps you understand the concept of persistent storage in Kubernetes.

Answer : B

= The commanddocker service create -name dns-cache -p 53:53 -udp dns-cachewill not create a swarm service that only listens on port 53 using the UDP protocol. The reason is that the command has several syntax errors and invalid options.The correct command to create a swarm service that only listens on port 53 using the UDP protocol isdocker service create --name dns-cache --publish published=53,target=53,protocol=udp dns-cache12. The commanddocker service create -name dns-cache -p 53:53 -udp dns-cachehas the following problems:

The option-nameis not a valid option fordocker service create.The valid option for specifying the service name is--name3.

The option-pis not a valid option fordocker service create.The valid option for publishing a port for a service is--publish1.

The option-udpis not a valid option fordocker service create.The valid option for specifying the protocol for a published port isprotocolwithin the--publishoption1.

The argument53:53is not a valid argument fordocker service create.The argument fordocker service createshould be the image name for the service, such asdns-cache3.The source and target of the published port should be specified in the--publishoption, separated by a comma1.

Therefore, the commanddocker service create -name dns-cache -p 53:53 -udp dns-cachewill not work as intended, and will likely produce an error message or an unexpected result.Reference:

Use swarm mode routing mesh

Manage swarm service networks

docker service create