Which of the following is a recommended best practice?
- Keep your images small (Ans)
- Never use the latest image in a repo
- Use large images containing lots of tools
- Only use Docker Hub
Where are Secrets mounted on Linux-based Docker hosts?
- An encrypted volume mounted at /run/secrets
- An in memory (tempfs) volume at /run/secrets (Ans)
- Solid state volume
How are Docker Secrets created on the command line?
- docker secret create (Ans)
- docker swarm secret create
- They cannot be created on the command line
Which of the following is the best high-level description of a Swarm?
- A secure cluster of Docker nodes (Ans)
- A tightly-coupled cluster of Docker container
- A secure cluster of Docker containers
- I tightly-coupled cluster of Linux nodes
What is the atomic unit of scheduling in Docker?
- The service
- The container (Ans)
- The pod
- The stack
- The swarm
Which of the following commands lets you deploy a Docker Stack called stack1 using a Compose file called myapp.yml?
- docker service deploy -c myapp.yml stack1
- docker stack deploy -c myapp.yml stack1 (Ans)
- docker stack deploy stack1 myapp.yml
- docker service deploy stack1 myapp.yml
Which of the following open-source tools is the underlying technology for Docker Swarm?
- SwarmKit (Ans)
- The Docker daemon
Docker UCP implements RBAC via Grants. Which of the following make up a Grant?
- Subjects, roles, and nodes
- Subjects, roles, and collections (Ans)
- Roles and collections
Which of the following built-in Docker networks creates a single layer-2 container-only network across multiple Docker hosts that can be on different underlying networks?
- Overlay (Ans)
Which Docker command shows the network ports that a container is exposed on?
- docker container ports
- docker port (Ans)
- docker network –port
What happens when you perform a docker volume rm against a volume attached to a running container?
- The command will fail (Ans)
- The volume will be deleted
- The volume and the container will be deleted
- You will be asked to confirm the command
Which set of container-related Linux tools did Docker’s
- LXC (Ans)
Which of the following is needed to deploy a Docker Stack?
- Compose v2 file format
- Compose v3 file format (Ans)
- Docker Cloud
What is the name of the configuration file that describes how to build a new Docker image with your app-code inside?
- dockerfile (Ans)
Which of the following is the worst number of managers for high availability?
- 2 (Ans)
Which command can you use to get a shell session inside of a container?
- docker container login
- docker container exec (Ans)
- docker container shell
- docker container ssh
Which Docker EE technology performs layer-7 (application layer) load balancing?
- The ingress network
- The Service Mesh
- The HTTP Routing Mesh (HRM) (Ans)
Which of the following best decribes a Docker Image?
- A read-write template for starting one or more containers
- A point-in-time snapshot of a container used for backups
- A data volume that can be mounted inside of a container
- A read-only template for starting one or more containers (Ans)
You have two services running on a Swarm, but they cannot find each other by name. Which of the following could be the reason why?
- They are on different overlay networks (Ans)
- They were not manually registered with the Swarm DNS when they were created
- Service discovery only works on bridge/NAT networks
- You did not create the Swarm DNS
Which of the following is a loose definition of a Docker container?
- A VM running a shared kernel with resource limits applied
- A unikernel running on a hypervisor with resource limits applied
- An isolated area of an Operating System with resource limits applied (Ans)
What will happen if you start a new container or service and specify a volume that does not currently exist?
- You will be prompted to create the new volume
- The command will complete but the container/service will fail to start
- The command will fail
- Docker will create the volume for you (Ans)
What are the base requirements to be able to use Docker Secrets?
- Swarm mode and an external CA
- Swarm mode and self-encrypting disks for the cluster store
- Docker in Swarm mode (Ans)