• ホーム
  • ブログ
  • 2024年最新のDockerテストDCA問題集豪華セット無料最新の問題集をゲット! [Q77-Q101]

2024年最新のDockerテストDCA問題集豪華セット無料最新の問題集をゲット! [Q77-Q101]

Share

2024年最新のDockerテストDCA問題集豪華セット無料最新の問題集をゲット!

完全版DCA練習テスト179特別な問題と解答が待ってます!今すぐゲットせよ!

質問 # 77
Will this command ensure that overlay traffic between service tasks is encrypted?
Solution: docker service create --network --encrypted

  • A. No
  • B. Yes

正解:A

解説:
= The command docker service create --network --encrypted will not ensure that overlay traffic between service tasks is encrypted. This is because the --network flag requires an argument that specifies the name or ID of the network to connect the service to1. The --encrypted flag is not a valid option for docker service create2. To encrypt overlay traffic between service tasks, you need to use the --opt encrypted flag on docker network create when you create the overlay network3. For example:
docker network create --opt encrypted --driver overlay my-encrypted-network Then, you can use the --network flag on docker service create to connect the service to the encrypted network.
For example:
docker service create --network my-encrypted-network my-service
References:
* docker service create | Docker Documentation
* docker service create | Docker Documentation
* Manage swarm service networks | Docker Docs
I hope this helps you understand the command and the encryption, and how they work with Docker and swarm. If you have any other questions related to Docker, please feel free to ask me.


質問 # 78
Your organization has a centralized logging solution, such as Splunk.
Will this configure a Docker container to export container logs to the logging solution?
Solution: Set the log-driver and log-oPt keys to values for the logging solution (Splunk) In the daemon.json file.

  • A. No
  • B. Yes

正解:B

解説:
Explanation
Setting the log-driver and log-opt keys to values for the logging solution (Splunk) in the daemon.json file will configure a Docker container to export container logs to the logging solution. This is because the Splunk logging driver sends container logs to the HTTP Event Collector in Splunk Enterprise and Splunk Cloud1. To use the Splunk driver as the default logging driver, set the keys log-driver and log-opts to appropriate values in the daemon.json configuration file and restart Docker1. To use the Splunk driver for a specific container, use the commandline flags --log-driver and log-opt with docker run1. The Splunk logging driver supports various options, such as splunk-token, splunk-url, splunk-source, splunk-sourcetype, splunk-index, etc1. References:
Splunk logging driver | Docker Docs1


質問 # 79
When seven managers are in a swarm cluster how would they be distributed across three datacenters or availability zones?

  • A. 4-2-1
  • B. 5-1-1
  • C. 3-3-1
  • D. 3-2-2

正解:D


質問 # 80
Does this describe the role of Control Groups (cgroups) when used with a Docker container?
Solution: user authorization to the Docker API

  • A. No
  • B. Yes

正解:A

解説:
= The role of Control Groups (cgroups) when used with a Docker container is not user authorization to the Docker API. Cgroups are a feature of the Linux kernel that allow you to limit the access processes and containers have to system resources such as CPU, RAM, IOPS and network1. Cgroups enable Docker to share available hardware resources to containers and optionally enforce limits and constraints2. User authorization to the Docker API is a different concept that involves granting permissions to users or groups to perform certain actions on the Docker daemon, such as creating, running, or stopping containers3.
References:
* Lab: Control Groups (cgroups) | dockerlabs
* Runtime metrics | Docker Docs
* Authorize users to access the Docker API | Docker Docs
I hope this helps you understand the role of cgroups and how they work with Docker containers. If you have any other questions related to Docker, please feel free to ask me.


質問 # 81
Is this statement correct?
Solution: A Dockerfile stores the Docker daemon's configuration options.

  • A. No
  • B. Yes

正解:A

解説:
Explanation
The statement is not correct. A Dockerfile does not store the Docker daemon's configuration options. A Dockerfile is a text document that contains all the commands a user could call on the command line to assemble an image1. A Dockerfile is used to build images, not to configure the Docker daemon. The Docker daemon's configuration options are stored in a JSON file, which is usually located at /etc/docker/daemon.json on Linux systems, or C:\ProgramData\docker\config\daemon.json on Windows2. The JSON file allows you to customize the Docker daemon's behavior, such as enabling debug mode, setting TLS certificates, or changing the data directory2. References: Dockerfile reference), Docker daemon configuration overview)


質問 # 82
Which 'docker run' flag lifts cgroup limitations?

  • A. 'docker run --isolation'
  • B. 'docker run --privileged'
  • C. 'docker run --cap-drop'
  • D. 'docker run --cpu-period'

正解:B


質問 # 83
Can this set of commands identify the published port(s) for a container?
Solution. 'docker container inspect", docker port'

  • A. No
  • B. Yes

正解:B

解説:
Explanation
This set of commands can identify the published port(s) for a container. The docker container inspect command shows low-level information about a container in JSON format. This information includes the network settings of the container, such as the port bindings and exposed ports. The docker port command shows the public port(s) that are mapped to a private port inside the container. By using these two commands, you can identify the published port(s) for a container. References:
https://docs.docker.com/engine/reference/commandline/container_inspect/,
https://docs.docker.com/engine/reference/commandline/port/


質問 # 84
A company's security policy specifies that development and production containers must run on separate nodes in a given Swarm cluster.
Can this be used to schedule containers to meet the security policy requirements?
Solution: node taints

  • A. No
  • B. Yes

正解:B

解説:
Explanation
Node taints are a way to mark nodes in a Swarm cluster so that they can repel or attract certain containers based on their tolerations. By applying node taints to the nodes that are designated for development or production, the company can ensure that only the containers that have the matching tolerations can be scheduled on those nodes. This way, the security policy requirements can be met. Node taints are expressed as key=value:effect, where the effect can be NoSchedule, PreferNoSchedule, or NoExecute. For example, to taint a node for development only, one can run:
kubectl taint nodes node1 env=dev:NoSchedule
This means that no container will be able to schedule onto node1 unless it has a toleration for the taint env=dev:NoSchedule. To add a toleration to a container, one can specify it in the PodSpec. For example:
tolerations:
- key: "env"
operator: "Equal"
value: "dev"
effect: "NoSchedule"
This toleration matches the taint on node1 and allows the container to be scheduled on it. References:
* Taints and Tolerations | Kubernetes
* Update the taints on one or more nodes in Kubernetes
* A Complete Guide to Kubernetes Taints & Tolerations


質問 # 85
What is the recommended way to configure the daemon flags and environment variables for your Docker daemon in a platform independent way?

  • A. Set the configuration DOCKER_OPTS in '/etc/default/docker'
  • B. Using 'docker config' to set the configuration options.
  • C. Set the configuration options in '/etc/docker/daemon.json'
  • D. Set the configuration options using the ENV variable

正解:C


質問 # 86
Will this action upgrade Docker Engine CE to Docker Engine EE?
Solution. Disable the Docker service via 'chkconfig' or 'systemctl'.

  • A. No
  • B. Yes

正解:A

解説:
The action will not upgrade Docker Engine CE to Docker Engine EE. Disabling the Docker service via chkconfig or systemctl will only stop the Docker daemon from running, but it will not change the version or edition of the Docker engine1. To upgrade Docker Engine CE to Docker Engine EE, you need to follow these steps2:
* Download your Docker Enterprise license from the Docker Store).
* Install the docker-ee package from the Docker repository.
* Restart the Docker service and verify the version and edition. References: Start or stop the Docker daemon), How to upgrade Docker 18.09 Community Edition to Docker Enterprise 18.09)


質問 # 87
Will this command display a list of volumes for a specific container?
Solution. 'docker container logs nginx -volumes'

  • A. No
  • B. Yes

正解:A

解説:
Explanation
Using docker container logs nginx --volumes does not display a list of volumes for a specific container. The docker container logs command shows information about the logs of a container. The --volumes flag is not a valid option for this command and will cause an error. To display a list of volumes for a specific container, you need to use docker container inspect nginx --format '{{ .Mounts }}'. References:
https://docs.docker.com/engine/reference/commandline/container_logs/,
https://docs.docker.com/engine/reference/commandline/container_inspect/


質問 # 88
Is this an advantage of multi-stage builds?
Solution: optimizes Images by copying artifacts selectively from previous stages

  • A. No
  • B. Yes

正解:B

解説:
Multi-stage builds are a feature of Docker that allows you to use multiple FROM statements in your Dockerfile. Each FROM statement creates a new stage of the build, which can use a different base image and run different commands. You can then copy artifacts from one stage to another, leaving behind everything you don't want in the final image. This optimizes the image size and reduces the attack surface by removing unnecessary dependencies and tools. For example, you can use a stage to compile your code, and then copy only the executable file to the final stage, which can use a minimal base image like scratch. This way, you don't need to include the compiler or the source code in the final image. References:
* Multi-stage builds | Docker Docs
* What Are Multi-Stage Docker Builds? - How-To Geek
* Multi-stage | Docker Docs


質問 # 89
Will this command mount the host's '/data1 directory to the ubuntu container in read-only mode?
Solution. 'docker run -v /data:/mydata -mode readonly ubuntu'

  • A. No
  • B. Yes

正解:A

解説:
The command docker run -v /data:/mydata -mode readonly ubuntu will not mount the host's /data1 directory to the ubuntu container in read-only mode. The command has several errors that prevent it from working correctly. First, the host directory should be /data1 instead of /data, as specified in the question. Second, the option flag should be --mode instead of -mode, and it should be placed before the image name. Third, the mode value should be ro instead of readonly, as per the Docker documentation1. The correct command should be docker run -v /data1:/mydata --mode ro ubuntu, which will mount the host's /data1 directory as a read-only volume at /mydata inside the container1. References:
* docker run | Docker Docs


質問 # 90
A company's security policy specifies that development and production containers must run on separate nodes in a given Swarm cluster.
Can this be used to schedule containers to meet the security policy requirements?
Solution: resource reservation

  • A. No
  • B. Yes

正解:A

解説:
Resource reservation is a feature that allows you to specify the amount of CPU and memory resources that a service or a container needs. This helps the scheduler to place the service or the container on a node that has enough available resources. However, resource reservation does not control which node the service or the container runs on, nor does it enforce any separation or isolation between different services or containers.
Therefore, resource reservation cannot be used to schedule containers to meet the security policy requirements.
References:
* [Reserve compute resources for containers]
* [Docker Certified Associate (DCA) Study Guide]
https://docs.docker.com/config/containers/resource_constraints/
https://success.docker.com/certification/study-guides/dca-study-guide


質問 # 91
You are troubleshooting a Kubernetes deployment called api, and want to see the events table for this object. Does this command display it?
Solution: kubectl logs deployment api

  • A. No
  • B. Yes

正解:A


質問 # 92
Your organization has a centralized logging solution, such as Splunk.
Will this configure a Docker container to export container logs to the logging solution?
Solution: docker system events --filter splunk

  • A. No
  • B. Yes

正解:A

解説:
Explanation
Using docker system events --filter splunk does not configure a Docker container to export container logs to the logging solution. The docker system events command shows real-time events from the server, such as container creation, image deletion, network connection, etc. It does not show or export container logs to any external service. The --filter option allows filtering events by type, action, image, container, etc., but it does not accept splunk as a valid filter value. References:
https://docs.docker.com/engine/reference/commandline/system_events/,
https://docs.docker.com/config/containers/logging/


質問 # 93
You are troubleshooting a Kubernetes deployment called api, and want to see the events table for this object.
Does this command display it?
Solution: kubectl describe deployment api

  • A. No
  • B. Yes

正解:B

解説:
Explanation
= The command kubectl describe deployment api displays the events table for the deployment object called api, along with other information such as labels, replicas, strategy, conditions, and pod template. The events table shows the history of actions that have affected the deployment, such as scaling, updating, or creating pods. This can help troubleshoot any issues with the deployment. To see only the events table, you can use the flag --show-events=true with the command. References:
* Deployments | Kubernetes
* kubectl - How to describe kubernetes resource - Stack Overflow
* Kubectl: Get Deployments - Kubernetes - ShellHacks
* kubernetes - Kubectl get deployment yaml file - Stack Overflow


質問 # 94
Your organization has a centralized logging solution, such as Splunk.
Will this configure a Docker container to export container logs to the logging solution?
Solution: docker system events --filter splunk

  • A. No
  • B. Yes

正解:A

解説:
Explanation
= The solution will not configure a Docker container to export container logs to the logging solution, such as Splunk. The command docker system events --filter splunk is not a valid command to send logs to a remote destination. The --filter option for docker system events only accepts the following keys: container, daemon, event, image, label, network, plugin, type, and volume1. splunk is not a valid key for filtering events. To configure a Docker container to export container logs to a logging solution, such as Splunk, you need to use the --log-driver and --log-opt options when creating or running the container2. For example, to use the Splunk logging driver, you can use the following command:
docker run --log-driver=splunk --log-opt splunk-token=176FCEBF-4CF5-4EDF-91BC-703796522D20
--log-opt splunk-url=https://splunkhost:8088 ...
This command will send the container logs to the Splunk HTTP Event Collector (HEC) endpoint specified by the splunk-url option, using the authentication token provided by the splunk-token option3. You can also use other logging drivers, such as syslog, fluentd, gelf, etc., depending on your logging solution4. References:
* 1: docker system events | Docker Docs
* 2: Configure logging drivers | Docker Docs
* 3: Splunk logging driver | Docker Docs
* 4: Supported logging drivers | Docker Docs


質問 # 95
You created a new service named 'http' and discover it is not registering as healthy. Will this command enable you to view the list of historical tasks for this service?
Solution: 'docker service ps http'

  • A. No
  • B. Yes

正解:B

解説:
Explanation
Using 'docker service ps http' enables you to view the list of historical tasks for this service. The docker service ps command shows information about tasks associated with one or more services. A task is a slot where a container runs to execute a service's commands. A task can have different states in its lifecycle, such as new, running, complete, failed, etc. The docker service ps command shows all tasks by default, including historical ones. References: https://docs.docker.com/engine/reference/commandline/service_ps/,
https://docs.docker.com/engine/swarm/how-swarm-mode-works/services/


質問 # 96
Is this a Linux kernel namespace that is disabled by default and must be enabled at Docker engine runtime to be used?
Solution: mnt

  • A. No
  • B. Yes

正解:A

解説:
Explanation
mnt is not a Linux kernel namespace that is disabled by default and must be enabled at Docker engine runtime to be used. According to the official documentation, mnt is one of the namespaces that are enabled by default when using namespaces for isolation.
References: https://docs.docker.com/engine/security/userns-remap/#user-namespace-known-limitations


質問 # 97
You are troubleshooting a Kubernetes deployment called api, and want to see the events table for this object. Does this command display it?
Solution: kubectl events deployment api

  • A. No
  • B. Yes

正解:A


質問 # 98
Will this command list all nodes in a swarm cluster from the command line?
Solution. 'docker inspect nodes

  • A. No
  • B. Yes

正解:A

解説:
= The command docker inspect nodes will not list all nodes in a swarm cluster from the command line. This command is invalid, as docker inspect requires one or more object names or IDs as arguments1. To list all nodes in a swarm cluster, you need to use the docker node ls command from a manager node2. This command will display the ID, hostname, status, availability, manager status, and engine version of each node in the swarm2. You can also use the -f or --filter flag to filter the nodes by various criteria, such as role, label, or name2. References:
* 1: docker inspect | Docker Docs
* 2: docker node ls | Docker Docs


質問 # 99
Two pods bear the same label, app: dev.
Will a label selector matching app: dev match both of these pods?

  • A. Yes, if both pods were pre-existing when the label selector was declared.
  • B. Yes, if the pods are in the same Kubernetes namespace as the object bearing the label selector and both pods were preexisting when the label selector was declared.
  • C. Yes, as long as all the containers in those pods are passing their livenessProbes and readinessProbes.
  • D. Yes, if the pods are in the same Kubernetes namespace as the object bearing the label selector

正解:B


質問 # 100
You are troubleshooting a Kubernetes deployment called api, and want to see the events table for this object.
Does this command display it?
Solution: kubectl logs deployment api

  • A. No
  • B. Yes

正解:A

解説:
= The command kubectl logs deployment api does not display the events table for the deployment object, but rather the logs of the pods that belong to the deployment. To see the events table, you need to use the command kubectl describe deployment api, which shows the details of the deployment, including the events1. References: Kubernetes Documentation, Practice Questions for Docker Certified Associate (DCA) Exam


質問 # 101
......

[2024年07月] 合格させるDocker DCA試験一発合格保証:https://drive.google.com/open?id=1UZ_QygKk4pJmUPxxfsEEbf2fNDvOLNeC

あなたの合格率を上げろうDCA試験問題集:https://www.goshiken.com/Docker/DCA-mondaishu.html

関するブログ

もっと
DCA無料問題集