Docker Certified Associate DCA Exam Practice Test

Answer : B

Answer : A

A DTR security scan will detect licenses for known third party binary components.This is because DTR security scan uses a database of vulnerabilities and licenses that is updated regularly from Docker Server1.DTR security scan can identify the components and versions of the software packages that are present in the image layers, and report any known vulnerabilities or licenses associated with them2.This can help users to comply with the licensing requirements and avoid potential legal issues3.Reference:

Set up vulnerability scans | Docker Docs

Scan images for vulnerabilities | Docker Docs

Container Security 101 --- Scanning images for Vulnerabilities

Answer : B

Docker Universal Control Plane (UCP) has its own built-in authentication mechanism and integrates with LDAP services1.It also has role-based access control (RBAC), so that you can control who can access and make changes to your cluster and applications1.However, there is no mention of Docker ID being a supported user authentication method for UCP in the resources provided1234.

Answer : A

Network is a type of Linux kernel namespace that provides container isolation. Network namespaces isolate the system resources associated with networking, such as network interfaces, IP addresses, routing tables, firewall rules, etc.Each network namespace has its own virtual network stack, and processes in different network namespaces can communicate through virtual network devices or tunnels1.Network namespaces are used by Docker to create isolated networks for containers, and allow users to customize the network configuration and connectivity of each container2.Reference:

network_namespaces(7) - Linux manual page

Docker network overview | Docker Documentation

Answer : B

= Distributing seven managers across three datacenters or availability zones as 3-2-2 is not a good way to ensure high availability and fault tolerance.This is because a swarm cluster requires a majority of managers (more than half) to be available and able to communicate with each other in order to maintain the swarm state and avoid a split-brain scenario1. If one of the datacenters or availability zones with three managers goes down, the remaining four managers will not have a quorum and the swarm will stop functioning.A better way to distribute seven managers across three datacenters or availability zones is 3-3-1 or 3-2-1-1, which will allow the swarm to survive the loss of one or two datacenters or availability zones, respectively2.Reference:

Administer and maintain a swarm of Docker Engines | Docker Docs

How to Create a Cluster of Docker Containers with Docker Swarm and DigitalOcean on Ubuntu 16.04 | DigitalOcean

Answer : B

= The strategy of creating a PersistentVolume with hostPath and a PersistentVolumeClaim to mount the /data directory on your laptop into a container will not work, because hostPath volumes are only suitable for single node testing or development. They are not portable across nodes and do not support dynamic provisioning. If you want to mount a local directory from your laptop into a Kubernetes pod, you need to use a different type of volume, such as NFS, hostPath CSI, or minikube. Alternatively, you can copy the files from your laptop to the container using kubectl cp command.Reference:

Volumes | Kubernetes

Configure a Pod to Use a PersistentVolume for Storage | Kubernetes

Mount a local directory to kubernetes pod - Stack Overflow

Kubernetes share a directory from your local system to kubernetes container - Stack Overflow

How to Mount a Host Directory Into a Docker Container

Answer : B

The commanddocker service create -name dns-cache -p 53:53 -service udp dns-cacheisnot validbecause it has somesyntax errors. The correct syntax for creating a swarm service isdocker service create [OPTIONS] IMAGE [COMMAND] [ARG...]. The errors in the command are:

There should be a space between theoption flagand theoption value. For example,-name dns-cacheshould be-name dns-cache.

The option flag for specifying theservice modeis-mode, not-service. For example,-service udpshould be-mode udp.

The option flag for specifying theport mappingis--publishor-p, not-p. For example,-p 53:53should be--publish 53:53.

The correct command for creating a swarm service that only listens on port 53 using the UDP protocol is:

docker service create --name dns-cache --publish 53:53/udp dns-cache

This command will create a service calleddns-cachethat uses thedns-cacheimage and exposes port 53 on both the host and the container using the UDP protocol.

: : [docker service create | Docker Documentation] : [Publish ports for services | Docker Documentation]