Docker Certified Associate Test Review Questions

Set 1 - Image Creation

Question 1
Which of the following is NOT how to create an efficient image via a Dockerfile?

A Start with an appropriate base image

B Combine multiple applications into a single container
C Avoid installing unnecessary packages
D Use multi-stage builds

Question 2
Which of the following Dockerfile options creates a mount point with the specified name and
marks it as holding externally mounted volumes from native host or other containers?

A ONBUILD
B VOLUME
C RUN
D WORKDIR

Question 3
What docker image prune command does?

A Remove unused images

B Display detailed information on one or more images
C Remove one or more images
D Show the history of an image

Question 4
What Dockerfile option EXPOSE does?

A Expose defaults for an executing container

B Adds metadata to an image
C Informs Docker that the container listens on the specified network ports at runtime
D Label a container that will run as an executable

Question 5
Dockerfile option EXPOSE publish the port to external systems. True or false?

A True
B False

Question 6
Which of the Dockerfile options initializes a new build stage and sets the base image for
subsequent instructions?
A CMD
B FROM
C RUN
D ONBUILD
Question 7
What Dockerfile option LABEL does?

A Label a container that will run as an executable

B Provide defaults for an executing container
C Adds metadata to an image
D Tells Docker how to test a container to check that it is still working

Question 8
Which of the following docker image commands display detailed information on one or more
images?

A docker image history

B docker image ls
C docker image detail
D docker image inspect

Question 9
Which of the Dockerfile options executes any commands in a new layer on top of the current
image and commit the results?

A ONBUILD
B CMD
C FROM
D RUN

Question 10
What does docker image rm command do?

A Show the history of an image

B Display detailed information on one or more images
C Remove unused images
D Remove one or more images

Set 2 - Image Management and Registry

Question 1
Docker image is built up from a series of layers and each layer represents an instruction in the image's
Dockerfile. True or false?

A True
B False

Question 2
What is the docker command to remove one or more images?

A docker delete
B docker image delete
C docker remove
D docker image rm
Question 3
Which of the following is NOT a valid way to tag a Docker image?

A Tag an image referenced by Name

B Tag an image referenced by image ID
C Tag an image referenced by user ID
D Tag an image referenced by Name and Tag

Question 4
Which of the following is the correct command to tag an image?

A docker build tag SOURCE_IMAGE[:TAG] TARGET_IMAGE[:TAG]

B docker tag SOURCE_IMAGE[:TAG] TARGET_IMAGE[:TAG]
C docker tag TARGET_IMAGE[:TAG] SOURCE_IMAGE[:TAG]
D docker tag image SOURCE_IMAGE[:TAG] TARGET_IMAGE[:TAG]

Question 5
What is the image storage solution that is part of Docker Enterprise Edition called?

A Docker Registry
B Universal Control Plane
C Docker Trusted Registry
D Docker Hub

Question 6
Which of the following is the correct command to store an image to a registry?

A docker store [OPTIONS] NAME[:TAG]

B docker upload [OPTIONS] NAME[:TAG]
C docker commit [OPTIONS] NAME[:TAG]
D docker push [OPTIONS] NAME[:TAG]

Question 7
What is the docker command to pull an image or a repository from a registry?

A docker checkout
B docker build
C docker deploy
D docker pull

Question 8
Each container shares common writeable container layer. True or false?

A False
B True

Question 9
What is the docker command for displaying layers of a Docker image?

A docker image layers

B docker info
C docker layers
D docker history
Question 10
Which of the following statements is incorrect?

A The column 'virtual size' of docker ps -s output shows the amount of data used for the read-only
image data used by the container plus the container's writable layer 'size'.
B Copy-on-write is a Docker strategy of sharing and copying files for maximum efficiency.
C When a container is deleted, the writable layer is persisted.
D The column 'size' of docker ps -s output shows the amount of data that is used for the writable layer
of each container.

Orchestration Part 1
Question 1
Which of the following is the docker command to enable autolock on an existing swarm cluster?

A docker swarm autolock

B docker swarm update --autolock-swarm=true
C docker swarm update --autolock=true
D docker swarm --autolock=true

Question 2
What is the difference between a replicated and a global service?
A Good candidates for replicated service are monitoring agents that you want to run on every node in
the swarm. Good candidates for global service are http servers.
B Replicated service can only be deployed on manager node. Global service can be deployed on both
manager and worker node.
C Number of identical tasks can be specified for a replicated service. There is no pre-specified number
of tasks for global service.
D Replicated service runs one task on every node. Global service runs multiple task on every node.

Question 3
What is the default format of docker inspect output?
A yaml
B html
C xml
D json

Question 4
What are the two types of docker swarm services?

A replicated and local services

B local and global services
C replicated and global services
D distributed and replicated services

Question 5
What is the function of docker inspect command?

A To manage Docker configs

B To return low-level information on Docker objects
C To display system-wide information
D To inspect changes to files or directories on a container's filesystem
Orchestration Part 2

Question 1
What is the docker command to add or update a placement constraint?

A docker service update --placement-constraint-add

B docker service update --placement-pref-add
C docker service update --pref-add
D docker service update --constraint-add

Question 2
What is the docker command to update an existing service?

A docker service change

B docker service update
C docker service modify
D docker service config

Question 3
What is the docker command to add or update a node label?

A docker node modify --set-label

B docker node update --label-add
C docker node update --set-label
D docker node add --label

Question 4
What is the docker command to roll back to the previous version of a service?

A docker service update --rollback-version

B docker service update --rollback
C docker service --rollback-version
D docker service --rollback

Question 5
What is the docker command to add or update a mount on a service?

A docker service --add-update-mount

B docker service --mount-volume
C docker service update --mount-add
D docker service set --add-update-mount

Question 6
What is the docker command to add a placement preference?

A docker service update --placement-pref-add

B docker service update --constraint-add
C docker service update --placement-constraint-add
D docker service update --pref-add
Question 7
Which of the following is NOT true about Raft (docker consensus algorithm)?

A If a quorum is not reached, the system will not process any more requests to schedule additional
tasks
B Raft tolerates up to (N-2)/2 failures
C Raft requires a majority or quorum of (N/2) + 1 members
D If a quorum is not reached, the existing tasks will keep running

Question 8
What is the docker command to increase number of replicas?

A docker service replica

B docker service increase
C docker service build
D docker service scale

Question 9
What is the docker command to add a network to a service?

A docker service update --network-add

B docker service modify --add-network
C docker service set --add-network
D docker service add-network

Question 10
What is the docker command to add or update a published port?
A docker service set --add-port
B docker service update --publish-add
C docker service update --publish-port
D docker service modify --add-update-port

Installation and Configuration Part 1

Question 1
What is the correct order to backup Docker EE components?

A Back up swarm, DTR, then UCP

B Back up swarm, UCP, then DTR
C Back up DTR, UCP, then swarm
D Back up UCP, swarm, then DTR

Question 2
What is the docker command to find the current logging driver for a running container?

A docker info
B docker stats
C docker config
D docker inspect

Question 3
What is the correct order to upgrade a Docker cluster?
A Upgrade engine and kernel, DTR, and then UCP
B Upgrade DTR, UCP, then engine and kernel
C Upgrade engine and kernel, UCP, and then DTR
D Upgrade UCP, DTR, then engine and kernel

Question 4
What is the recommended approach to set storage driver?

A Use --storage-driver flag when running dockerd

B Set the "storage-driver" option in the daemon.json file

Question 5
What is the docker command to setup a swarm?

A docker swarm create

B docker create swarm
C docker swarm init
D docker init swarm

Question 6
What are the requirements to install Docker Trusted Registry (DTR)? (Select all that apply)

A All nodes must be a worker node managed by Universal Control Plan

B All nodes must have a fixed hostname
C DTR can be installed on-premises or on a cloud provider
D Make sure the port 8080 and 8443 are open on the node

Question 7
What is the docker command to see the storage driver Docker is currently using?

A docker config
B docker inspect
C docker stats
D docker info

Question 8
What is the docker command to backup the UCP?

A docker backup ucp

B docker/ucp backup

Question 9
How to configure the default logging driver?

A Use --log-driver flag

B Set the "log-driver" option in the daemon.json file

Question 10
What is the docker command to add a node to a swarm?

A docker join swarm

B docker swarm join
C docker swarm add-node
D docker swarm create-node
Installation and Configuration Part 2
Question 1
Which of the following items need to be considered before installing Docker Enterprise?

A Docker Engine, DTR, and UCP version compatibility

B Disk space
C Time Synchronization
D All of the options
E Network ports

Question 2
Which of the following tool to use to create users and teams?

A Docker Machine
B Docker Compose
C Universal Control Plane (UCP)
D Docker Trusted Registry (DTR)

Question 3
You can monitor the status of UCP by using the web UI or the CLI. True or false?

A True
B False

Question 4
What is the docker command to see container logs?

A docker fetch-logs
B docker debug
C docker logs
D docker dump-logs

Question 5
What is the endpoint that we can use to check the health of a single UCP manager node?

A https:///_ping
B https:///_health
C https:///_heartbeat
D https:///_status

Question 6
Which of the following is how to configure the Docker daemon to start on boot? (select two)

A Use upstart for Ubuntu 14.10 and below

B Use systemd for most current Linux distributions (RHEL, CentOS, Fedora, Ubuntu 16.04 and higher)
C Use startup for most current Linux distributions (RHEL, CentOS, Fedora, Ubuntu 16.04 and higher)
D Use crond for Ubuntu 14.10 and below
Networking Part 1

Question 1
What is the docker command to connect a running container to an existing user-defined bridge?

A docker network connect

B docker network attach
C docker network join
D docker connect network

Question 2
Which network driver type is best when you need containers running on different Docker hosts to
communicate, or when multiple applications work together using swarm services?
A Overlay networks
B Host networks
C User-defined bridge networks
D Macvlan networks

Question 3
Which network driver type is best when you need multiple containers to communicate on the same
Docker host?

A User-defined bridge networks

B Host networks
C Overlay networks
D Macvlan networks

Question 4
Which network driver type is best when you are migrating from a VM setup or need your containers to
look like physical hosts on your network, each with a unique MAC address?

A Overlay networks
B Macvlan networks
C User-defined bridge networks
D Host networks

Question 5
Which network driver type is best when the network stack should not be isolated from the Docker host,
but you want other aspects of the container to be isolated?

A User-defined bridge networks

B Host networks
C Overlay networks
D Macvlan networks

Question 6
What is the docker command to create a bridge network?

A docker network create

B docker network deploy
C docker create network
D docker network add
Question 7
Which of the following statements is false?

A Linked containers on the default bridge network share environment variables

B Containers can NOT be attached and detached from user-defined networks on the fly
C Each user-defined network creates a configurable bridge
D User-defined bridges provide automatic DNS resolution between containers
E User-defined bridges provide better isolation and interoperability between containerized applications

Question 8
What is the docker command to display detailed information on one or more networks?

A docker network inspect

B docker inspect network
C docker network status
D docker network display

Question 9
What is the docker run option to publish a port so that an application is accesible externally?

A docker run --expose

B docker run --open-port
C docker run --publish-port
D docker run --publish

Question 10
Which of the following docker command can be used to find out all the ports mapped? (select three)

A docker port
B docker ps
C docker inspect
D docker network ls

Networking Part 2

Question 1
What is the command to set DNS server for all Docker containers?

A dockerd --dns IP_ADDRESS

B dockerd --dns-server IP_ADDRESS
C dockerd --dns-update IP_ADDRESS
D dockerd --set-dns IP_ADDRESS

Question 2
What is the docker command to create a container with custom DNS server(s)?

A docker container create --add-dns=IP_ADDRESS

B docker container create --set-dns=IP_ADDRESS
C docker container create --dns=IP_ADDRESS
D docker container create --custom-dns=IP_ADDRESS
Question 3
Which of the following is NOT one of the 3 main Docker Container Network Model components?

A Sandbox
B Network
C Endpoint
D Routing

Question 4
Publishing a service's port using the routing mesh makes the service accessible at the published port on
every swarm node. True or false?

A False
B True

Question 5
What type of network is ingress network?

A overlay network
B bridge network
C macvlan network
D host network

Security

Question 1
What is the command that need to be executed to sign an image before pushing it to repository?

A export DOCKER_CONTENT_TRUST=1
B export SIGN_DOCKER_IMAGE=1
C export TRUST_DOCKER_CONTENT=1
D export TRUST_DOCKER_IMAGE=1

Question 2
Where do you create Docker Role Based Access Controls (RBAC)?

A Docker Machine
B Docker Trusted Registry
C Docker Compose
D Universal Control Plane

Question 3
What is the difference between UCP workers and managers?

A ucp-agent service automatically starts serving all UCP components in worker node, and only a proxy
service in manager node
B ucp-agent service automatically starts serving all UCP components in manager node, and only a
proxy service in worker node

Question 4
What are the steps needed to sign images in a way that UCP trusts them? (select three)

A Configure Notary client

B Initialize trust metadata for the repository
C Approve image sign on UCP
D Delegate signing to the keys in your UCP client bundle
Question 5
Docker security scan can be started by all users including those with read-only access. True or false?

A False
B True

Question 6
Where is the option to integrate Docker Enterprise with LDAP?

A Docker Compose
B Docker Trusted Registry
C Universal Control Plane
D Docker Machine

Question 7
Which of the followings are Docker Engine Security features? (select all that apply)

A You can configure Docker’s trust features so that your users can push and pull trusted images
B You can protect the Docker daemon socket and ensure only trusted Docker client connections
C You can use certificate-based client-server authentication to verify a Docker daemon has the rights
to access images on a registry
D You can configure secure computing mode (Seccomp) policies to secure system calls in a container

Question 8
Docker security scan result is available in both UCP and DTR. True or false?

A True
B False

Question 9
What are the two types of UCP client bundles?

A Ops client bundles and dev client bundles

B Admin user certificate bundles and user certificate bundles
C Docker CLI bundles and Docker web UI bundles
D Docker UCP client bundles and DTR client bundles

Question 10
What is a grant made up of in Docker's Role Based Access Controls (RBAC)? (select three)

A Resource collection
B Subject
C Certificate
D Role