Is this an advantage of multi-stage builds?
Solution: simultaneously creates and tags multiple images
Answer : B
Will a DTR security scan detect this?
Solution: licenses for known third party binary components
Answer : A
A DTR security scan will detect licenses for known third party binary components. This is because DTR security scan uses a database of vulnerabilities and licenses that is updated regularly from Docker Server [1]. DTR security scan can identify the components and versions of the software packages that are present in the image layers, and report any known vulnerabilities or licenses associated with them [2]. This can help users to comply with the licensing requirements and avoid potential legal issues [3]. Reference:
Set up vulnerability scans | Docker Docs
Scan images for vulnerabilities | Docker Docs
Container Security 101 --- Scanning images for Vulnerabilities
In Kubernetes, to mount external storage to a filesystem path in a container within a pod, you would use a volume in the pod specification. This volume is populated with a persistentVolumeClaim that is bound to an existing persistentVolume. The persistentVolume is defined and managed by the storageClass which provides dynamic or static provisioning of the volume and determines what type of storage will be provided [1]. Reference:
Dynamic Volume Provisioning | Kubernetes
Is this a supported user authentication method for Universal Control Plane?
Solution: Docker ID
Answer : B
Docker Universal Control Plane (UCP) has its own built-in authentication mechanism and integrates with LDAP services [1]. It also has role-based access control (RBAC), so that you can control who can access and make changes to your cluster and applications [1]. However, there is no mention of Docker ID being a supported user authentication method for UCP in the resources provided [1][2][3][4].
Is this a type of Linux kernel namespace that provides container isolation?
Solution: Network
Answer : A
Network is a type of Linux kernel namespace that provides container isolation. Network namespaces isolate the system resources associated with networking, such as network interfaces, IP addresses, routing tables, firewall rules, etc. Each network namespace has its own virtual network stack, and processes in different network namespaces can communicate through virtual network devices or tunnels [1]. Network namespaces are used by Docker to create isolated networks for containers, and allow users to customize the network configuration and connectivity of each container [2]. Reference:
network_namespaces(7) - Linux manual page
Docker network overview | Docker Documentation
Seven managers are in a swarm cluster.
Is this how they should be distributed across three datacenters or availability zones?
Solution: 3-2-2
Answer : B
Distributing seven managers across three datacenters or availability zones as 3-2-2 is not a good way to ensure high availability and fault tolerance. This is because a swarm cluster requires a majority of managers (more than half) to be available and able to communicate with each other in order to maintain the swarm state and avoid a split-brain scenario [1]. If one of the datacenters or availability zones with three managers goes down, the remaining four managers will not have a quorum and the swarm will stop functioning. A better way to distribute seven managers across three datacenters or availability zones is 3-3-1 or 3-2-1-1, which will allow the swarm to survive the loss of one or two datacenters or availability zones, respectively [2]. Reference:
Administer and maintain a swarm of Docker Engines | Docker Docs
How to Create a Cluster of Docker Containers with Docker Swarm and DigitalOcean on Ubuntu 16.04 | DigitalOcean
During development of an application meant to be orchestrated by Kubernetes, you want to mount the /data directory on your laptop into a container.
Will this strategy successfully accomplish this?
Solution: Create a PersistentVolume with storageClass: "" and hostPath: /data, and a persistentVolumeClaim requesting this PV. Then use that PVC to populate a volume in a pod.
Answer : B
The strategy of creating a PersistentVolume with hostPath and a PersistentVolumeClaim to mount the /data directory on your laptop into a container will not work, because hostPath volumes are only suitable for single node testing or development. They are not portable across nodes and do not support dynamic provisioning. If you want to mount a local directory from your laptop into a Kubernetes pod, you need to use a different type of volume, such as NFS, hostPath CSI, or minikube. Alternatively, you can copy the files from your laptop to the container using the kubectl cp command. Reference:
Volumes | Kubernetes
Configure a Pod to Use a PersistentVolume for Storage | Kubernetes
Mount a local directory to kubernetes pod - Stack Overflow
Kubernetes share a directory from your local system to kubernetes container - Stack Overflow
How to Mount a Host Directory Into a Docker Container
Does this command create a swarm service that only listens on port 53 using the UDP protocol?
Solution: 'docker service create -name dns-cache -p 53:53 -service udp dns-cache'
Answer : B
The command 'docker service create -name dns-cache -p 53:53 -service udp dns-cache' is not valid because it has some syntax errors. The correct syntax for creating a swarm service is 'docker service create [OPTIONS] IMAGE [COMMAND] [ARG...]'. The errors in the command are:
There should be a space between the option flag and the option value. For example, '-name dns-cache' should be '-name dns-cache'.
The option flag for specifying the service mode is -mode, not -service. For example, '-service udp' should be '-mode udp'.
The option flag for specifying the port mapping is --publish or -p, not -p. For example, '-p 53:53' should be '--publish 53:53'.
The correct command for creating a swarm service that only listens on port 53 using the UDP protocol is:
docker service create --name dns-cache --publish 53:53/udp dns-cache
This command will create a service called dns-cache that uses the dns-cache image and exposes port 53 on both the host and the container using the UDP protocol. Reference:
docker service create | Docker Documentation
Publish ports for services | Docker Documentation