Which fundamental networking technology does the native (local) overlay
driver leverage when creating multi-host container networks?
- VLAN
- Token Ring
- VXLAN (Ans)
- FCoE
You need to create a singe container network that spans multiple hosts and gives all containers on the network IP addresses from the same L2 subnet.
Which built-in Docker networking driver would you use?
- bridge
- overlay (Ans)
- ipvlan
- l2-overlay
Which of the following commands would you use to display all networks present on a particular Docker host?
- docker networks get
- docker network ls (Ans)
- docker network display
- docker network show
In which of the following scenarios will the built-in Docker name resolution allow two containers to resolve each other by name?
- Two containers created with the –name flag and both containers are on the same container network (Ans)
- Two containers created with the –name flag and both containers are part of the same Swarm Service
- Two containers created with the –name flag and both containers are part of the same Swarm
- Both containers are on the same Docker host
You manage a production Docker estate and want to make sure all of the nodes in a particular Swarm can handle and process requests for a particular service. You
need this to work even if nodes in the Swarm are not running a task for the service. Which technology should you use to accomplish this?
- IPVLAN
- Service Discovery
- The Routing Mesh (Ans)
- An traditional external load balancer
Which of the following container networks is used by Swarm Mode for internal routing of traffic?
- overlay
- nat
- ingress (Ans)
- bridge
Which core Docker component contains the bulk of networking code and is the de facto implementation of the CNM?
- bridgenetwork
- containerbridge
- libnetwork (Ans)
- libcontainer
Which of the following describes a sandbox
in the context of Docker networking?
- A container within a container that contains a shared network stack
- A ring-fenced area of the Host OS that contains an isolated network stack (Ans)
- An area of virtual memory used as scratch space by Libnetwork
- A ring-fenced area of a container made available to all other containers on the same network
In which programming language is Libnetwork written?
- C
- Pascal
- Python
- Golang (Ans)
You have a container network called m1-prd
that is scoped to “swarm.” However, when you are logged onto a node in the Swarm, you cannot see the network. Why
might this be the case?
- The node you are logged onto is not running a task that is using the network, so the network has not been extended to the node yet. (Ans)
- Docker takes a lazy approach to creating networks on all nodes in the Swarm. You probably haven’t waited the 30 minutes it takes to infect the entire Swarm
with the network. - The m1-prd network is encrypted and therefore not visible in the output of regular docker network commands.
- The docker network ls command does not display networks scoped to to “swarm.”
What is the purpose of the MACVLAN driver?
- To put containers on existing networks and VLANs
- To create multi-host overlay networks
- To enhance container networking for Docker Engines running on Docker for Mac (DFM) (Ans)
Which of the following open source specification documents forms the foundation of Docker networking?
- The Docker Network Model (DNM)
- The Container Network Interface (CNI)
- The Container Network Model (CNM) (Ans)
- Virtual Extensible LAN (VXLAN)
Which of the following are the three major constructs defined in the Container Network Model (CNM)?
- Container, endpoint, network
- Sandbox, endpoint, network (Ans)
- Service, endpoint, network
- Sandbox, container, network
Which native Docker feature simplifies and enhances creation and management of Docker networks?
- The Docker Remote API
- Content Trust
- The volume driver interface
- Swarm Mode (Ans)
Which of the following will display the specific command that created each layer in an image?
- docker build -th imagename
- docker history imagename (Ans)
- docker search imagename
- docker images -t imagename
What is accomplished by running the following command?
docker run -p 5000:5000 registry:latest
- Docker Engine will run a “hot update” on the live Registry image.
- The Docker Registry image will (if necessary) be pulled and then run, exposing port 5000. (Ans)
- Only if the Docker Registry image has already been pulled will it be run, exposing port 5000.
- The Docker Registry image will be pulled from Docker Hub using port 5000.
You would prepare an image called hello-world for uploading to a local Docker Registry using which of the following commands?
- docker tag hello-world localhost:5000/hello-world:latest (Ans)
- docker tag hello-world localhost/hello-world:latest
- docker -tag 127.0.0.1/hello-world:latest
- docker -t hello-world localhost:5000/hello-world:latest
To add encryption using a self-signed certificate to your Docker Registry infrastructure, to which directory must the certificate be copied (assuming your domain is
domain.com)?
- /etc/docker/certs.d/domain.com:5000/ (Ans)
- /etc/docker/cert.d/domain.com:5000/
- /var/lib/docker/certs.d/domain.com:5000/
- /etc/docker/certs.d/domain.com/
Which of these is the correct command to display a list images currently stored in a Docker Registry using a self-signed certificate?
- curl –insecure http://192.168.1.16:5000/v2/_catalog
- curl -i https://192.168.1.16:5000/v2/_catalog
- curl -i https://192.168.1.16:5000/v2/_data
- curl –insecure https://192.168.1.16:5000/v2/_catalog (Ans)
How do you temporarily enable Docker Content Trust on your local machine to take advantage of digitally signed images?
- export DOCKER_CONTENT_TRUST=1 (Ans)
- export $DOCKER_CONTENT_TRUST=0
- echo DOCKER_CONTENT_TRUST=1 >> /etc/profile
- echo $DOCKER_CONTENT_TRUST=1
- Implementing Managed IT Services: A Step-by-Step Guide - August 30, 2024
- DevOps Foundation Certification - August 29, 2024
- SRE Foundation Certification - August 29, 2024