CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Docker
  5. DCA

Free DCA Exam Braindumps (page: 7)

Page 6 of 47
PDF with 183 Questions

One of several containers in a pod is marked as unhealthy after failing its livenessProbe many times. Is this the action taken by the orchestrator to fix the unhealthy container?

Solution: The controller managing the pod is autoscaled back to delete the unhealthy pod and alleviate load.

  1. Yes
  2. No

Answer(s): B

Explanation:

: = The livenessProbe is a mechanism that checks if the container is alive and healthy, and restarts it if it fails. The orchestrator is the component that manages the deployment and scaling of containers across a cluster of nodes. The action taken by the orchestrator to fix the unhealthy container is not to autoscale back and delete the pod, but to recreate the pod on the same or a different node. This ensures that the desired number of replicas for the pod is maintained, and that the pod can resume its normal operation. Autoscaling back and deleting the pod would reduce the availability and performance of the service, and would not necessarily alleviate the load.


Reference:

Configure Liveness, Readiness and Startup Probes | Kubernetes

What is a Container Orchestrator? | Docker

Pod Lifecycle | Kubernetes

I hope this helps you understand the concept of livenessProbe and orchestrator, and how they work with Docker and Kubernetes. If you have any other questions related to Docker, please feel free to ask me.



You configure a local Docker engine to enforce content trust by setting the environment variable

DOCKER_CONTENT_TRUST=1.

If myorg/myimage: 1.0 is unsigned, does Docker block this command?

Solution: docker image import <tarball> myorg/myimage:1.0

  1. Yes
  2. No

Answer(s): A

Explanation:

Docker Content Trust (DCT) is a feature that allows users to verify the integrity and publisher of container images they pull or deploy from a registry server, signed on a Notary server. DCT is enabled by setting the environment variable DOCKER_CONTENT_TRUST=1 on the Docker client.
When DCT is enabled, the Docker client will only pull, run, or build images that have valid signatures for a specific tag. However, DCT does not apply to the docker image import command, which allows users to import an image or a tarball with a repository and tag from a file or STDIN3. Therefore, if myorg/myimage:1.0 is unsigned, Docker will not block the docker image import <tarball> myorg/myimage:1.0 command, even if DCT is enabled. This is because the docker image import command does not interact with a registry or a Notary server, and thus does not perform any signature verification. However, this also means that the imported image will not have any trust data associated with it, and it will not be possible to push it to a registry with DCT enabled, unless it is signed with a valid key.


Reference:

Content trust in Docker

Automation with content trust

[docker image import]

[Content trust and image tags]



You configure a local Docker engine to enforce content trust by setting the environment variable

DOCKER_CONTENT_TRUST=1.

If myorg/myimage: 1.0 is unsigned, does Docker block this command?

Solution: docker service create myorg/myimage:1.0

  1. Yes
  2. No

Answer(s): A

Explanation:

When content trust is enabled, Docker blocks any command that operates on unsigned images, such as docker service create. This is because Docker Content Trust (DCT) allows users to verify the integrity and publisher of specific image tags, using digital signatures stored on a Notary server. If an image tag is not signed, or the signature cannot be verified, Docker will refuse to pull, run, or build with that image. Therefore, if myorg/myimage:1.0 is unsigned, Docker will block the command docker service create myorg/myimage:1.0 and display an error message.


Reference:

Content trust in Docker

Docker Content Trust: What It Is and How It Secures Container Images

Automation with content trust



Can this set of commands identify the published port(s) for a container?

Solution: docker container inspect', 'docker port'

  1. Yes
  2. No

Answer(s): A

Explanation:

The set of commands docker container inspect and docker port can identify the published port(s) for a container. The docker container inspect command returns low-level information about a container, including its network settings and port bindings. The docker port command lists port mappings or a specific mapping for the container. Both commands can show which host port is mapped to which container port, and the protocol used. For example, docker container inspect -f '{{.NetworkSettings.Ports}}' container_name will show the port bindings for the container_name. Similarly, docker port container_name will show the port mappings for the container_name.


Reference:

docker container inspect docker port

How to Expose and Publish Ports in Docker

[How to obtain the published ports from within a docker container?]






Post your Comments and Discuss Docker DCA exam with other Community members:

DCA Discussions & Posts