
Docker Interview Questions and Answers Part – 7

Docker recommends using the responsible disclosure model for reporting vulnerabilities in the Docker platform. What does this mean?

  • Simultaneously report the vulnerability to Docker and openly publish details of the vulnerability so that the wider community can take preventative action.
  • After reporting the vulnerability to Docker, desist from further disclosure for a period of time to give the project time to remedy the vulnerability. (Ans)
  • Engineer a patch to remedy the vulnerability and describe the vulnerability and its fix in a GitHub pull request.

Why does RancherOS launch two Docker daemons on boot?

  • To implement redundancy in the event that one of the daemons becomes unavailable
  • To isolate application containers from the host’s system services (Ans)
  • To improve system performance by load balancing Engine API requests

Given the following users and their group membership, which user will NOT have the means to access the Docker Engine API on its UNIX domain socket?

rackham: uid=1000(rackham) gid=1000(rackham) groups=1000(rackham),27(sudo)

baxter: uid=1001(baxter) gid=1001(baxter) groups=1001(baxter),999(docker)

bolt: uid=1002(bolt) gid=1002(bolt) groups=1002(bolt)

  • baxter
  • bolt (Ans)
  • rackham

Which of the following statements is untrue about Docker?

  • By default, Docker doesn’t create containers in user namespaces because not all Linux distributions enable user namespaces in their kernel. (Ans)
  • Docker creates a sub-directory in its data root so that newly created objects are owned by the UID/GID at the top of the dockremap user’s subordinate ranges.
  • User namespaces allow a container’s process to be privileged in its own user namespace, whilst remaining non-privileged in the host’s user namespace.

A Docker admin needs a container to be able to write to a file owned by the root user located in the /etc directory. The Docker daemon is running with user namespace remapping enabled and the file is to be made available to the container as a bind mount. What is the best means of circumventing any permissions problems?

  • Change the group ownership of the file to that of the remapped group ID that is used by the Docker daemon when creating containers.
  • Temporarily reconfigure the Docker daemon to disable user namespace remapping for the lifetime of the container.
  • Use the --userns config option with the argument host to disable the use of user namespaces for the container. (Ans)

What is the process of granting a client access to objects based on their identity?

  • Approval
  • Authorization (Ans)
  • Authentication

The Open Policy Agent (OPA) is a general purpose policy engine. Which of the following attributes is essential for it to function as a Docker authorization plugin?

  • Its ability to act as an independent decision making service for clients (Ans)
  • The availability of variables in Rego for defining policy rules
  • The means for adding contextual data for use in rule evaluation

An environment variable can be used to define or override a registry setting. Which of the following variables defines or overrides the path to the certificate bundle used to sign tokens?

  • AUTH_TOKEN_CERTBUNDLE
  • AUTH_TOKEN_ROOTCERTBUNDLE
  • REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE (Ans)
  • REGISTRY_TLS_CERTIFICATE

Which of the following registry operations is not provided to a client of the Docker Engine API?

  • Pull an image from a registry repo
  • Remove an image from a registry repo (Ans)
  • Push an image to a registry repo

Which of the following is NOT a valid argument to the --secret config option for associating a secret with a swarm service?

  • source=db_pw,target=password,mode=0400
  • db_pw
  • source=$(pwd)/db_pw,target=password (Ans)

Rajesh Kumar