Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. Docker
  5. DCA

Docker DCA Exam
Docker Certified Associate (Page 8 )

Updated On: 1-Feb-2026
Page 7 of 38
PDF with 191 Questions

Is this a function of UCP?

Solution: image role-based access control

  1. Yes
  2. No

Answer(s): B

Explanation:

Image role-based access control is not a function of UCP. UCP has its own built-in authentication mechanism and integrates with LDAP services. It also has role-based access control (RBAC), so that you can control who can access and make changes to your cluster and applications. However, image role-based access control is a feature of Docker Trusted Registry (DTR), which integrates with UCP and allows you to manage the images you use for your applications. DTR lets you define granular permissions for images, such as who can push, pull, delete, or scan them.


Reference:

Universal Control Plane overview), Docker Trusted Registry overview), Docker Access Control)



Is this a function of UCP?

Solution: enforces the deployment of signed images to the cluster

  1. Yes
  2. No

Answer(s): A

Explanation:

= This is a function of UCP, as it integrates with Docker Trusted Registry (DTR) to provide built-in security and access control for your images. DTR allows you to enforce security policies and only allow running applications that use Docker images you know and trust. You can sign your images with Docker Content Trust (DCT) to prove their authenticity and integrity. UCP will verify the signatures of the images before deploying them to the cluster.


Reference:

Universal Control Plane overview | dockerlabs

How to Sign Your Docker Images to Increase Trust - How-To Geek



You are troubleshooting a Kubernetes deployment called api, and want to see the events table for this object.

Does this command display it?

Solution: kubectl get deployment api

  1. Yes
  2. No

Answer(s): B

Explanation:

The command kubectl get deployment api will only show the status of the deployment object, such as the number of replicas, available pods, and updated pods. It will not display the events table for the deployment, which contains information about the creation, scaling, and updating of the deployment and its pods. To see the events table for the deployment, you need to use the kubectl describe deployment api command, which will show the details of the deployment object, including the events. Alternatively, you can use the kubectl get events --field-selector involvedObject.name=api command, which will filter the events by the name of the involved object.


Reference:

Kubectl: Get Deployments - Kubernetes - ShellHacks

Events in Kubernetes | Kubernetes kubectl Cheat Sheet | Kubernetes kubernetes - kubectl get events only for a pod - Stack Overflow



A user's attempts to set the system time from inside a Docker container are unsuccessful.

Could this be blocking this operation?

Solution. SELinux

  1. Yes
  2. No

Answer(s): A

Explanation:

SELinux could be blocking the operation of setting the system time from inside a Docker container. SELinux is a security mechanism that enforces mandatory access control (MAC) policies on Linux systems. It restricts the actions that processes can perform based on their security contexts, such as user, role, type, and level. By default, SELinux prevents Docker containers from accessing or modifying the host's system time, as this could pose a security risk or cause inconsistency. To allow Docker containers to set the system time, SELinux needs to be configured with the appropriate permissions or labels, or disabled altogether. However, this is not recommended, as it could compromise the security and stability of the system.


Reference:

Change system date time in Docker containers without impacting host

Change Date Inside a Docker Container

How to Handle Timezones in Docker Containers

5 ways to change time in Docker container

How to set system time dynamically in a Docker container



Is this a way to configure the Docker engine to use a registry without a trusted TLS certificate?

Solution. Set INSECURE_REGISTRY in the' /etc/docker/default' configuration file.

  1. Yes
  2. No

Answer(s): A

Explanation:

= Setting INSECURE_REGISTRY in the /etc/docker/default configuration file is one way to configure the Docker engine to use a registry without a trusted TLS certificate. This option tells the Docker daemon to accept insecure connections to the specified registry, bypassing the certificate verification. However, this method is not recommended, as it exposes the registry and the Docker engine to potential security risks. A better way to use a registry without a trusted TLS certificate is to add the registry's CA certificate to the Docker daemon's trust store, as described in the Docker documentation3 or other online guides.


Reference:

1: How to build docker registry without SSL

2: Verify repository client with certificates | Docker Docs

3: "docker pull" certificate signed by unknown authority

4: Login to docker registry with client certificate under windows



Viewing page 8 of 38
Viewing questions 36 - 40 out of 191 questions



Post your Comments and Discuss Docker DCA exam prep with other Community members:

Join the DCA Discussion