3 Months Free Update
3 Months Free Update
3 Months Free Update
In Docker Trusted Registry, is this how a user can prevent an image, such as 'nginx:latest’, from being overwritten by another user with push access to the repository?
Solution: Remove push access from all other users.
Will this command display a list of volumes for a specific container?
Solution: docker volume inspect nginx'
Does this describe the role of Control Groups (cgroups) when used with a Docker container?
Solution: accounting and limiting of resources
Will this command mount the host's '/data* directory to the ubuntu container in read-only mode?
Solution. ‘docker run -add-volume /data /mydata -read-only ubuntu'
Is this an advantage of multi-stage builds?
Solution: better caching when building Docker images
The following Docker Compose file is deployed as a stack:
Is this statement correct about this health check definition?
Solution. Health checks lest for app health ten seconds apart. Three failed health checks transition the container into "unhealthy" status.
A Kubernetes node is allocated a /26 CIDR block (64 unique IPs) for its
address space.
If every pod on this node has exactly two containers in it, how many pods can
this address space support on this node?
Will this sequence of steps completely delete an image from disk in the Docker Trusted Registry?
Solution: Delete the image and delete the image repository from Docker Trusted Registry
Is this a function of UCP?
Solution: scans images to detect any security vulnerability
Does this command create a swarm service that only listens on port 53 using the UDP protocol?
Solution: ‘docker service create -name dns-cache -p 53:53 -service udp dns-cache'
In Docker Trusted Registry, is this how a user can prevent an image, such as 'nginx:latest’, from being overwritten by another user with push access to the repository?
Solution: Tag the image with 'nginx:immutable'.
You want to create a container that is reachable from its host's network.
Does this action accomplish this?
Solution. Use either EXPOSE or -publish to access the container on the bridge network.
Can this set of commands identify the published port(s) for a container?
Solution. ‘docker container inspect", docker port'
You want to provide a configuration file to a container at runtime. Does this set of Kubernetes tools and steps accomplish this?
Solution: Turn the configuration file into a configMap object and mount it directly into the appropriate pod and container using the .spec.containers.configMounts key.
Is this a Linux kernel namespace that is disabled by default and must be enabled at Docker engine runtime to be used?
Solution: mnt
Is this a function of UCP?
Solution: enforces the deployment of signed images to the cluster
Two development teams in your organization use Kubernetes and want to deploy their applications while ensuring that Kubernetes-specific resources, such as secrets, are grouped together for each application.
Is this a way to accomplish this?
Solution: Create one pod and add all the resources needed for each application
The Kubernetes yaml shown below describes a networkPolicy.
Will the networkPolicy BLOCK this trafftc?
Solution. a request issued from a pod bearing only the tier: frontend label, to a pod bearing the tier: backend label
You configure a local Docker engine to enforce content trust by setting the environment variable DOCKER_C0NTENT_TRUST=l. If myorg/myimage: 1.0 is unsigned, does Docker block this command?
Solution. docker image build, from a Dockeflle that begins FROM myorg/myimage: l1.0
Will this action upgrade Docker Engine CE to Docker Engine EE?
Solution. Run docker engine activate.
Is this a type of Linux kernel namespace that provides container isolation?
Solution: Storage
Will this action upgrade Docker Engine CE to Docker Engine EE?
Solution: Delete '/var/lib/docker' directory.
Will this command display a list of volumes for a specific container?
Solution: 'docker container inspect nginx'
Will this command list all nodes in a swarm cluster from the command line?
Solution. ‘docker inspect nodes
You configure a local Docker engine to enforce content trust by setting the environment variable
DOCKER_CONTENT_TRUST=1.
If myorg/myimage: 1.0 is unsigned, does Docker block this command?
Solution: docker container run myorg/myimage:1.0
Seven managers are in a swarm cluster.
Is this how should they be distributed across three datacenters or availability zones?
Solution: 4-2-1
Will this Linux kernel facility limit a Docker container's access to host resources, such as CPU or memory?
Solution: cgroups
In Docker Trusted Registry, is this how a user can prevent an image, such as 'nginx:latest’, from being overwritten by another user with push access to the repository?
Solution: Use the DTR web Ul to make all tags in the repository immutable.
You want to create a container that is reachable from its host's network.
Does this action accomplish this?
Solution. Use network connect to access the container on the bridge network.
Is this an advantage of multi-stage builds?
Solution: optimizes Images by copying artifacts selectively from previous stages
You add a new user to the engineering organization in DTR.
Will this action grant them read/write access to the engineering/api repository?
Solution. Mirror the engineering/api repository to one of the user's own private repositories.
Your organization has a centralized logging solution, such as Splunk.
Will this configure a Docker container to export container logs to the logging solution?
Solution: docker system events --filter splunk
Will this configuration achieve fault tolerance for managers in a swarm?
Solution: only two managers, one active and one passive.
A company's security policy specifies that development and production containers must run on separate nodes in a given Swarm cluster.
Can this be used to schedule containers to meet the security policy requirements?
Solution: resource reservation
Your organization has a centralized logging solution, such as Splunk.
Will this configure a Docker container to export container logs to the logging solution?
Solution: Set the log-driver and log-oPt keys to values for the logging solution (Splunk) In the daemon.json file.
Will a DTR security scan detect this?
Solution. private keys copied to the image
Will this command mount the host's '/data1 directory to the ubuntu container in read-only mode?
Solution. ‘docker run -v /data:/mydata -mode readonly ubuntu'
Is this a way to configure the Docker engine to use a registry without a trusted TLS certificate?
Solution: Set IGNORE_TLS in the 'daemon.json' configuration file.
You want to create a container that is reachable from its host's network. Does this action accomplish this?
Solution: Use --link to access the container on the bridge network.
One of several containers in a pod is marked as unhealthy after failing its livenessProbe many times. Is this the action taken by the orchestrator to fix the unhealthy container?
Solution: The unhealthy container is restarted.
A company's security policy specifies that development and production containers must run on separate nodes in a given Swarm cluster. Can this be used to schedule containers to meet the security policy requirements?
Solution. environment variables