Docker DCA Docker Certified Associate Exam Practice Test

Page: 1 / 14
Total 191 questions
Question 1

The Kubernetes yaml shown below describes a clusterIP service.

Is this a correct statement about how this service routes requests?

Solution: Traffic sent to the IP of any pod with the label app: nginx on port 8080 will be forwarded to port 80 in that pod.



Answer : B

The statement is incorrect because it does not mention the service name or the clusterIP address. Traffic sent to the IP of any pod with the label app: nginx on port 8080 will not be forwarded to port 80 in that pod, unless the traffic is coming from another pod within the same cluster that knows the pod IP. To access the service from outside the cluster, the traffic must be sent to the clusterIP address of the service, which is assigned by Kubernetes, and the port 8080 of the service, which is defined in the yaml file. The service will then forward the traffic to one of the selected pods on port 80.

To summarize, the correct statement should be:

Traffic sent to theclusterIP addressof the servicedcaon port8080will be forwarded to port 80 in one of the pods with the label app: nginx.


Question 2

You created a new service named 'http* and discover it is not registering as healthy. Will this command enable you to view the list of historical tasks for this service?

Solution. 'docker inspect http"



Answer : B

The commanddocker inspect httpwill not enable you to view the list of historical tasks for the service.Thedocker inspectcommand returns low-level information on Docker objects, such as containers, images, networks, or volumes1.It does not work on services, which are higher-level objects that define the desired state of a set of tasks2.To view the list of historical tasks for a service, you need to use thedocker service pscommand, which shows the current and previous states of each task, as well as the node, error, and ports3.Reference:

docker inspect | Docker Docs

Services | Docker Docs

docker service ps | Docker Docs


Question 3

You add a new user to the engineering organization in DTR.

Will this action grant them read/write access to the engineering/api repository?

Solution: Add them to a team in the engineering organization that has read/write access to the engineering/api repository.



Answer : B

= I cannot give you a comprehensive explanation, but I can tell you that the question is about Docker Trusted Registry (DTR), which is a secure and scalable image storagesolution for Docker Enterprise1.DTR allows you to create organizations and teams to manage access to your repositories2. Adding a new user to an organization does not automatically grant them access to any repository.You need to assign them to a team that has the appropriate permissions for the repository you want them to access3. Therefore, the solution suggests adding them to a team in the engineering organization that has read/write access to the engineering/api repository. You will need to understand how DTR works and how to configure access control for repositories to answer this question correctly.Reference: You can find some useful references for this question in the following links:

Docker Trusted Registry overview

Create and manage organizations and teams

Manage access to repositories


Question 4

Is this an advantage of multi-stage builds?

Solution: faster image builds by allowing parallel execution of Docker builds



Answer : B

= Simultaneously creating and tagging multiple images is not an advantage of multi-stage builds.Multi-stage builds are a feature that allows you to use multiple FROM statements in your Dockerfile, each starting a new stage of the build1. You can selectively copy artifacts from one stage to another, leaving behind everything you don't want in the final image.This helps you to optimize the size and security of your images, as well as to simplify your build process12. However, multi-stage builds do not create or tag multiple images at once.Each Dockerfile produces one final image, which is the result of the last stage in the Dockerfile1.If you want to create and tag multiple images from a single Dockerfile, you need to use the--targetoption with thedocker buildcommand, and specify the name of the stage you want to build and tag3.Reference:

Multi-stage builds | Docker Docs

What Are Multi-Stage Docker Builds? - How-To Geek

Stop at a specific build stage | Docker Docs


Question 5

A company's security policy specifies that development and production containers must run on separate nodes in a given Swarm cluster.

Can this be used to schedule containers to meet the security policy requirements?

Solution: resource reservation



Answer : B

Resource reservation is a feature that allows you to specify the amount of CPU and memory resources that a service or a container needs. This helps the scheduler to place the service or the container on a node that has enough available resources. However, resource reservation does not control which node the service or the container runs on, nor does it enforce any separation or isolation between different services or containers. Therefore, resource reservation cannot be used to schedule containers to meet the security policy requirements.


[Reserve compute resources for containers]

[Docker Certified Associate (DCA) Study Guide]

: https://docs.docker.com/config/containers/resource_constraints/

: https://success.docker.com/certification/study-guides/dca-study-guide

Question 6

A company's security policy specifies that development and production containers must run on separate nodes in a given Swarm cluster.

Can this be used to schedule containers to meet the security policy requirements?

Solution: label contraints



Answer : A

Label constraints can be used to schedule containers to meet the security policy requirements.Label constraints allow you to specify which nodes a service can run on based on the labels assigned to the nodes1. For example, you can label the nodes that are intended for development withenv=devand the nodes that are intended for production withenv=prod. Then, you can use the--constraintflag when creating a service to restrict it to run only on nodes with a certain label value.For example,docker service create --name dev-app --constraint 'node.labels.env == dev' ...will create a service that runs only on development nodes2.Similarly,docker service create --name prod-app --constraint 'node.labels.env == prod' ...will create a service that runsonly on production nodes3. This way, you can ensure that development and production containers are running on separate nodes in a given Swarm cluster.Reference:

Add labels to swarm nodes

Using placement constraints with Docker Swarm

Multiple label placement constraints in docker swarm


Question 7

Will this command mount the host's '/data' directory to the ubuntu container in read-only mode?

Solution: 'docker run --volume /data:/mydata:ro ubuntu'



Answer : A

= The command 'docker run --volume /data:/mydata:ro ubuntu' will mount the host's '/data' directory to the ubuntu container in read-only mode.The --volume or -v option allows you to mount a host directory or a file to a container as a volume1. The syntax for this option is:

-v|--volume=[host-src:]container-dest[:<options>]

The host-src can be an absolute path or a name value. The container-dest must be an absolute path.The options can be a comma-separated list of mount options, such as rofor read-only, rw for read-write, z or Z for SELinux labels, etc1.In this case, the host-src is /data, the container-dest is /mydata, and the option is ro, which means the container can only read the data from the volume, but not write to it2.This can be useful for sharing configuration files or other data that should not be modified by the container3.Reference:

Use volumes | Docker Documentation

Docker run reference | Docker Documentation

Docker - Volumes - Tutorialspoint


Page:    1 / 14   
Total 191 questions