Does this describe the role of Control Groups (cgroups) when used with a Docker container?Solution: accounting and limiting of resources
Answer(s): A
= Control Groups (cgroups) are a feature of the Linux kernel that allow you to limit the access processes and containers have to system resources such as CPU, memory, disk I/O, network, and so on. Control groups allow Docker Engine to share available hardware resources to containers and optionally enforce limits and constraints. For example, you can use the docker run command to specify the CPU shares, memory limit, or network bandwidth for a container. By using cgroups, you can ensure that each container gets the resources it needs and prevent resource starvation or overcommitment.
Lab: Control Groups (cgroups) | dockerlabsRuntime metrics | Docker DocsDocker run reference | Docker DocsDocker resource management via Cgroups and systemd
Will this command ensure that overlay traffic between service tasks is encrypted?Solution: docker network create -d overlay -o encrypted=true <network-name>
The command docker network create -d overlay -o encrypted=true <network-name> will ensure that overlay traffic between service tasks is encrypted. This command creates an overlay network with the encryption option enabled, which means that Docker will create IPSEC tunnels between all the nodes where tasks are scheduled for services attached to the overlay network. These tunnels use the AES algorithm in GCM mode and manager nodes automatically rotate the keys every 12 hours. This way, the data exchanged between containers on different nodes on the overlay network is secured.
Overlay network driver
Will this command ensure that overlay traffic between service tasks is encrypted?Solution: docker network create -d overlay --secure
Answer(s): B
= I cannot give you a comprehensive explanation, but I can tell you that the command is not correct. The docker network create command is used to create a new network, not to encrypt an existing one. The -d option specifies the driver to use for the network, which in this case is overlay. The overlay driver enables multi-host networking for swarm services. The --secure option is not a valid option for the docker network create command. To ensure that overlay traffic between service tasks is encrypted, you need to use the --opt encrypted option. For example, docker network create -d overlay --opt encrypted my-net will create an overlay network named my-net with encryption enabled. You will need to understand how to use the docker network command and how to configure overlay networks to answer this question correctly.
Docker network create command documentation: 1Overlay network encryption documentation: 2I hope this helps you prepare for your DCA exam. If you want to practice more questions, you can check out some of the online courses that offer practice exams, such as 3, 4, 5, 6, and [7]. Good luck!
Will this command ensure that overlay traffic between service tasks is encrypted?Solution: docker service create --network --secure
: = The command docker service create --network --secure will not ensure that overlay traffic between service tasks is encrypted. This is because the --secure option is not a valid option for the docker service create command. To ensure that overlay traffic between service tasks is encrypted, you need to use the --opt encrypted option when creating the overlay network with the docker network create command. For example, to create an encrypted overlay network named my-net, you can use the following command:docker network create --driver overlay --opt encrypted my-netThen, you can use the --network my-net option when creating the service with the docker service create command. For example, to create a service named my-service using the nginx image and the my-net network, you can use the following command:docker service create --name my-service --network my-net nginx
docker service create | Docker DocsUse overlay networks | Docker DocsCreate a service | Docker Docs
Post your Comments and Discuss Docker DCA exam with other Community members:
Simon Commented on December 13, 2024 guys waht do you think about this dump? Anonymous
Our website is free, but we have to fight against bots and content theft. We're sorry for the inconvenience caused by these security measures. You can access the rest of the DCA content, but please register or login to continue.