Docker

Docker Interview Questions and Answer Part – 19

January 20, 2020 comments off

What can you use to run multiple containers from a single YAML file?

  • Dockerfile
  • docker run
  • docker-compose (Ans)
  • docker run containers.yml

Which of the following is not a benefit of Virtual Memory?

  • Use more memory than is physically available
  • Processes can use memory as if they are the only process running
  • Compress data stored in memory to increase capacity (Ans)
  • Don’t have to save entire contents of memory when switching processes

Which of the following is not a benefit of a union filesystem for containers?

  • Decrease startup time for containers with images pre-extracted into an image cache
  • Save disk space by sharing common files with the host OS filesystem via symbolic links (Ans)
  • Share page cache entries to reduce memory overhead
  • Save disk space with readonly layers reused among containers

What does it mean for two containers to share a network namespace?

  • They share the host’s (or root) network namespace.
  • They have isolated virtual network adapters.
  • They share a virtual network but still have isolated virtual network adapters.
  • They share a single network stack. (Ans)

Which networking approach would you use if you don’t trust an application?

  • Share network with other containers
  • None (Ans)
  • Share with host
  • Virtual network

When you create a process with separate namespaces (network, mount, IPC, UTS, PID, and user), what is the net effect?

  • It appears as if the process is running on a different machine. (Ans)
  • Processses get their own isolated instances of system resources.
  • Processes can share system resources.

Why do you use tools like Docker, LXC and rkt?

  • To kill processes that consume too much of a system resource
  • To configure the additional isolation necessary to create a container (Ans)
  • To create VMs to isolate processes
  • To emulate virtual resources per process

When a mount namespace is created, what does it contain?

  • An empty list of mount points
  • The list of mount points passed when creating the new mount namespace
  • A default set of mount points from /etc/mountns.defaults
  • Essentially a copy of the existing filesystem (Ans)

What does Layered Responsibility mean?

  • You can rely upon others for base layers in container images. (Ans)
  • You can’t see the layers beneath yours in container images.
  • You don’t ever have to see the layers beneath yours in container images.
  • You need to validate that all layers are built properly when using an image.

What is a context switch?

  • When the executing process is changed (Ans)
  • When the executing cgroup is changed
  • When the contents of virtual memory is loaded into physical memory
  • When the contents of physical memory is swapped to disk

What is a substantial reason for moving from a single node to a multi-node cluster?

  • It’s a best practice to use multi-node clusters in production.
  • It’s a best practice to run individual containers on individual nodes.
  • When containers saturate the resources of a single node (Ans)
  • When containers conflict with each other, i.e. port conflicts or file system conflicts

Where is there a natural separation in responsibility when building a cluster?

  • Running apps & running VMs
  • Node operating system & cluster services
  • Machine hardware & operating system
  • Provisioning nodes & running apps (Ans)

What is the net effect of a separate network namespace? Each process can have an entirely separate __ .

  • hostname
  • IP address (Ans)
  • filesystem
  • list of processes

What runtime or execution environments can be used with a cluster?

  • Containers
  • chroot Processes
  • All of these (Ans)
  • Virtual Machines

What does an Image from a site like Docker Hub provide?

  • A container’s hostname
  • The host filesystem to run a container
  • A container’s network configuration
  • The entire host filesystem
  • A container’s filesystem (Ans)

What is the net effect of a separate IPC namespace? Each process can have an entirely separate ______ .

  • message queue (Ans)
  • IP address
  • filesystem
  • list of processes
  • hostname

What does a system container run?

  • Runs an OS init process, effectively emulating a VM (Ans)
  • Runs a single application
  • Runs the container runtime
  • Runs the host OS init process

Why are images so valuable?

  • Manually configuring a hostname for a container is hard work.
  • Manually building a filesystem for a container is hard work. (Ans)
  • Manually configuring service discovery for a container is hard work.
  • Manually configuring networking for a container is hard work.

What do capabilities isolate?

  • Privileged operations (Ans)
  • Unprivileged processes
  • Privileged processes
  • Unprivileged operations

Which of the following is NOT an analogy for namespaces?

  • A slice of a pizza per process (Ans)
  • A whole pizza per process
  • Database
  • List
Rajesh Kumar
Follow me
Latest posts by Rajesh Kumar (see all)