• ホーム
  • ブログ
  • Docker DCA試験問題集にはPDF問題とテストエンジンを試せ! [Q15-Q37]

Docker DCA試験問題集にはPDF問題とテストエンジンを試せ! [Q15-Q37]

Share

Docker DCA試験問題集にはPDF問題とテストエンジンを試せ!

最新DCA試験問題集には合格保証付きます

質問 # 15
Will this command list all nodes in a swarm cluster from the command line?
Solution: 'docker Is -a'

  • A. Yes
  • B. No

正解:A


質問 # 16
A company's security policy specifies that development and production containers must run on separate nodes in a given Swarm cluster.
Can this be used to schedule containers to meet the security policy requirements?
Solution: node taints

  • A. No
  • B. Yes

正解:A

解説:
Explanation
Node taints cannot be used to schedule containers to meet the security policy requirements, because node taints are a Kubernetes concept and not a Swarm concept. According to the official documentation, node taints are used to mark nodes with certain attributes that prevent pods from being scheduled on them unless they have matching tolerations.
References: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/


質問 # 17
An application image runs in multiple environments, with each environment using different certificates and ports.
Is this a way to provision configuration to containers at runtime?
Solution: Provision a Docker config object for each environment.

  • A. Yes
  • B. No

正解:A

解説:
Explanation
Provisioning a Docker config object for each environment is a way to provision configuration to containers at runtime. A Docker config object is a file that contains configuration data for an application or service. It can be created using the docker config create command and then attached to a service using the --config flag of the docker service create or update command. This allows different configurations to be applied to different environments without changing the image or the code of the application. References:
https://docs.docker.com/engine/swarm/configs/,
https://docs.docker.com/engine/reference/commandline/config_create/


質問 # 18
Will this command mount the host's '/data* directory to the ubuntu container in read-only mode?
Solution. 'docker run -add-volume /data /mydata -read-only ubuntu'

  • A. No
  • B. Yes

正解:A

解説:
Explanation
This command does not mount the host's /data directory to the ubuntu container in read-only mode. The
--add-volume and --read-only flags do not exist and will cause an error. To mount a host directory or a named volume to a container, you need to use the -v or --volume flag. To mount the host's /data directory to the ubuntu container in read-only mode, you need to use -v /data:/mydata:ro instead. References:
https://docs.docker.com/storage/bind-mounts/,
https://docs.docker.com/engine/reference/run/#volume-shared-filesystems


質問 # 19
Does this command display all the pods in the cluster that are labeled as 'env: development'?
Solution: 'kubectl get pods --all-namespaces -label env=development'

  • A. No
  • B. Yes

正解:A


質問 # 20
Will this sequence of steps completely delete an image from disk in the Docker Trusted Registry?
Solution: Delete the image and delete the image repository from Docker Trusted Registry

  • A. No
  • B. Yes

正解:A

解説:
Explanation
Deleting the image and deleting the image repository from Docker Trusted Registry will not completely delete the image from disk. According to the official documentation, you also need to run garbage collection on the Docker Trusted Registry to reclaim disk space.
References: https://docs.docker.com/ee/dtr/admin/manage-images/garbage-collection/


質問 # 21
The Kubernetes yaml shown below describes a clusterIP service.

Is this a correct statement about how this service routes requests?
Solution: Traffic sent to the IP of any pod with the label app: nginx on port 8080 will be forwarded to port 80 in that pod.

  • A. Yes
  • B. No

正解:A


質問 # 22
Two development teams in your organization use Kubernetes and want to deploy their applications while ensuring that Kubernetes-specific resources, such as secrets, are grouped together for each application.
Is this a way to accomplish this?
Solution: Create one pod and add all the resources needed for each application

  • A. No
  • B. Yes

正解:A

解説:
Explanation
his is not a way to accomplish this, because creating one pod and adding all the resources needed for each application is not a good practice for deploying applications in Kubernetes. According to the official documentation, pods are not intended to run multiple instances of an application or different applications that are tightly coupled. Pods are also not meant to hold resources that are shared across applications, such as secrets or configMaps.
References: https://kubernetes.io/docs/concepts/workloads/pods/#what-is-a-pod


質問 # 23
Which of the following commands will create a swarm service which only listens on port 53 using the UDP protocol?

  • A. docker service create --name dns-cache -p 53:53 --udp dns-cache
  • B. docker service create --name dns-cache -p 53:53 ..constraint
    networking.protocol.udp=true dns-cache
  • C. docker service create --name dns-cache -p 53:53 --service udp dns-cache
  • D. docker service create --name dns-cache -p 53:53/udp dns-cache

正解:D


質問 # 24
Will this command ensure that overlay traffic between service tasks is encrypted?
Solution: docker service create --network --secure

  • A. No
  • B. Yes

正解:A

解説:
Explanation
This command will not ensure that overlay traffic between service tasks is encrypted, because it uses an invalid option for enabling encryption and an incomplete option for specifying the network. According to the official documentation, there is no such option as --secure for the docker service create command. The correct option to use is --network <network-name> where <network-name> is an existing overlay network that was created with encryption enabled.
References: https://docs.docker.com/network/drivers/overlay/#encryption
https://docs.docker.com/engine/reference/commandline/service_create/


質問 # 25
The following health check exists in a Dockerfile:
'HEALTCHECK CMD curl --fail http://localhost/health || exit 1'
Which of the following describes its purpose?

  • A. Defines the health check endpoint on the local host interface for containers to monitor the health of the docker engine.
  • B. Defines the action taken when container health fails, which in this case will kill the container with exit status 1
  • C. Defines the health check for the containerized application so that the application health can be monitored by the Docker engine
  • D. Defines the health check endpoint on the localhost interface for external monitoring tools to monitor the health of the docker engine.

正解:B


質問 # 26
Are these conditions sufficient for Kubernetes to dynamically provision a persistentVolume, assuming there are no limitations on the amount and type of available external storage?
Solution: A default storageClass is specified, and subsequently a persistentVolumeClaim is created.

  • A. Yes
  • B. No

正解:A


質問 # 27
A users attempts to set the system time from inside a Docker container are unsuccessful. Could this be blocking this operation?
Solution: inter-process communication

  • A. No
  • B. Yes

正解:A

解説:
Explanation
Inter-process communication is not blocking this operation. Inter-process communication (IPC) is a mechanism that allows processes to communicate and synchronize their actions. IPC creates a set of interfaces for exchanging various types of data. Docker supports IPC namespaces to isolate IPC resources between processes in different containers. However, IPC does not affect the ability to set the system time from inside a Docker container. References: https://docs.docker.com/engine/reference/run/#ipc-settings-ipc,
https://man7.org/linux/man-pages/man7/ipc.7.html


質問 # 28
Is this a way to configure the Docker engine to use a registry without a trusted TLS certificate?
Solution: Pass the '--insecure-registry' flag to the daemon at run time.

  • A. Yes
  • B. No

正解:A


質問 # 29
Will this sequence of steps completely delete an image from disk in the Docker Trusted Registry?
Solution. Delete the image and delete the image repository from Docker Trusted Registry.

  • A. No
  • B. Yes

正解:A

解説:
Explanation
Deleting the image and deleting the image repository from Docker Trusted Registry (DTR) does not completely delete an image from disk in DTR. Deleting an image only removes its tag and association with a repository, but does not delete its underlying layers from disk. Deleting a repository only removes its metadata and tags, but does not delete its underlying layers from disk either. To completely delete an image from disk in DTR, you need to run a garbage collection job after deleting the image or the repository. A garbage collection job scans the DTR storage and removes any unused layers that are not referenced by any images or repositories. References: https://docs.docker.com/ee/dtr/user/manage-images/delete-images/,
https://docs.docker.com/ee/dtr/admin/configure/garbage-collection/


質問 # 30
Does this command create a swarm service that only listens on port 53 using the UDP protocol?
Solution: 'docker service create --name dns-cache -p 53:53/udp dns-cache'

  • A. Yes
  • B. No

正解:A

解説:
Explanation
This command creates a swarm service that only listens on port 53 using the UDP protocol, because the -p flag specifies the published port and target port separated by a colon (:) and followed by the protocol name (/udp).
According to the official documentation, this is an example of using the short version of the publish option to expose a port for a service.
References:
https://docs.docker.com/engine/reference/commandline/service_create/#publish-service-ports-externally-to-the-s


質問 # 31
Which of the following constitutes a production-ready devicemapper configuration for the Docker engine?

  • A. Format a partition with xfs and mount it at '/var/lib/docker'
  • B. Create a volume group in devicemapper and utilize the '--dm.thinpooldev' Docker daemon
    option, specifying the volume group
  • C. Utilize the '--storage-opt dm.directlvm_device' Docker daemon option, specifying a block
    device
  • D. Nothing, devicemapper comes ready for production usage out of the box

正解:C


質問 # 32
Will this command ensure that overlay traffic between service tasks is encrypted?
Solution: docker network create -d overlay --secure

  • A. No
  • B. Yes

正解:A


質問 # 33
What is the docker command to find the current logging driver for a running container?

  • A. docker config
  • B. docker info
  • C. docker inspect
  • D. docker stats

正解:C


質問 # 34
Will this command display a list of volumes for a specific container?
Solution: docker volume logs nginx --containers'

  • A. No
  • B. Yes

正解:A


質問 # 35
Wha is the purpose of Docker Content Trust?

  • A. Docker registry TLS verification and encryption
  • B. Enabling mutual TLS between the Docker client and server
  • C. Signing and verification of image tags
  • D. Indicating an image on Docker Hub is an official image

正解:C


質問 # 36
The following Docker Compose file is deployed as a stack:

Is this statement correct about this health check definition?
Solution: Health checks test for app health ten seconds apart. If the test fails, the container will be restarted three times before it gets rescheduled.

  • A. No
  • B. Yes

正解:A


質問 # 37
......

信頼できるDocker Certified Associate DCA問題集PDFには2024年01月06日更新された問題です:https://www.goshiken.com/Docker/DCA-mondaishu.html

必ず合格できるDocker DCA試験正確な145問題と解答あります:https://drive.google.com/open?id=1TG0I88jMQrd3llI7n9ahX6jOsL0U_qRq

関するブログ

もっと
DCA無料問題集