What can you use to run multiple containers from a single YAML file?
- docker run
- docker-compose (Ans)
- docker run containers.yml
Which of the following is not a benefit of Virtual Memory?
- Use more memory than is physically available
- Processes can use memory as if they are the only process running
- Compress data stored in memory to increase capacity (Ans)
- Don’t have to save entire contents of memory when switching processes
Which of the following is not a benefit of a union filesystem for containers?
- Decrease startup time for containers with images pre-extracted into an image cache
- Save disk space by sharing common files with the host OS filesystem via symbolic links (Ans)
- Share page cache entries to reduce memory overhead
- Save disk space with readonly layers reused among containers
What does it mean for two containers to share a network namespace?
- They share the host’s (or root) network namespace.
- They have isolated virtual network adapters.
- They share a virtual network but still have isolated virtual network adapters.
- They share a single network stack. (Ans)
Which networking approach would you use if you don’t trust an application?
- Share network with other containers
- None (Ans)
- Share with host
- Virtual network
When you create a process with separate namespaces (network, mount, IPC, UTS, PID, and user), what is the net effect?
- It appears as if the process is running on a different machine. (Ans)
- Processses get their own isolated instances of system resources.
- Processes can share system resources.
Why do you use tools like Docker, LXC and rkt?
- To kill processes that consume too much of a system resource
- To configure the additional isolation necessary to create a container (Ans)
- To create VMs to isolate processes
- To emulate virtual resources per process
When a mount namespace is created, what does it contain?
- An empty list of mount points
- The list of mount points passed when creating the new mount namespace
- A default set of mount points from /etc/mountns.defaults
- Essentially a copy of the existing filesystem (Ans)
What does Layered Responsibility mean?
- You can rely upon others for base layers in container images. (Ans)
- You can’t see the layers beneath yours in container images.
- You don’t ever have to see the layers beneath yours in container images.
- You need to validate that all layers are built properly when using an image.
What is a context switch?
- When the executing process is changed (Ans)
- When the executing cgroup is changed
- When the contents of virtual memory is loaded into physical memory
- When the contents of physical memory is swapped to disk
What is a substantial reason for moving from a single node to a multi-node cluster?
- It’s a best practice to use multi-node clusters in production.
- It’s a best practice to run individual containers on individual nodes.
- When containers saturate the resources of a single node (Ans)
- When containers conflict with each other, i.e. port conflicts or file system conflicts
Where is there a natural separation in responsibility when building a cluster?
- Running apps & running VMs
- Node operating system & cluster services
- Machine hardware & operating system
- Provisioning nodes & running apps (Ans)
What is the net effect of a separate network namespace? Each process can have an entirely separate __ .
- IP address (Ans)
- list of processes
What runtime or execution environments can be used with a cluster?
- chroot Processes
- All of these (Ans)
- Virtual Machines
What does an Image from a site like Docker Hub provide?
- A container’s hostname
- The host filesystem to run a container
- A container’s network configuration
- The entire host filesystem
- A container’s filesystem (Ans)
What is the net effect of a separate IPC namespace? Each process can have an entirely separate ______ .
- message queue (Ans)
- IP address
- list of processes
What does a system container run?
- Runs an OS init process, effectively emulating a VM (Ans)
- Runs a single application
- Runs the container runtime
- Runs the host OS init process
Why are images so valuable?
- Manually configuring a hostname for a container is hard work.
- Manually building a filesystem for a container is hard work. (Ans)
- Manually configuring service discovery for a container is hard work.
- Manually configuring networking for a container is hard work.
What do capabilities isolate?
- Privileged operations (Ans)
- Unprivileged processes
- Privileged processes
- Unprivileged operations
Which of the following is NOT an analogy for namespaces?
- A slice of a pizza per process (Ans)
- A whole pizza per process
Latest posts by Rajesh Kumar (see all)
- Docker Private registry using Nexus, Artifactory or Docker Registry - February 21, 2020
- Docker Errors and Solutions Database - February 21, 2020
- List of Top DevOps Tools For SAP and ABAP - February 19, 2020