You configure a local Docker engine to enforce content trust by setting the environment variable DOCKER_CONTENT_TRUST=1. If myorg/myimage:1.0 is unsigned, does Docker block this command? Solution: docker image import <tarball> myorg/myimage:1.0
Correct Answer: A
Docker Content Trust (DCT) is a feature that allows users to verify the integrity and publisher of container images they pull or deploy from a registry server, signed on a Notary server [1]. DCT is enabled by setting the environment variable DOCKER_CONTENT_TRUST=1 on the Docker client. When DCT is enabled, the Docker client will only pull, run, or build images that have valid signatures for a specific tag [2].

However, DCT does not apply to the docker image import command, which allows users to import an image or a tarball with a repository and tag from a file or STDIN [3]. Therefore, if myorg/myimage:1.0 is unsigned, Docker will not block the docker image import <tarball> myorg/myimage:1.0 command, even if DCT is enabled. This is because the docker image import command does not interact with a registry or a Notary server, and thus does not perform any signature verification. However, this also means that the imported image will not have any trust data associated with it, and it will not be possible to push it to a registry with DCT enabled, unless it is signed with a valid key.

References:
* Content trust in Docker
* Automation with content trust
* docker image import
* Content trust and image tags
DCA Exam Question 82
Will this command display a list of volumes for a specific container? Solution: 'docker container logs nginx --volumes'
Correct Answer: A
DCA Exam Question 83
Will this command mount the host's '/data' directory to the ubuntu container in read-only mode? Solution: 'docker run -add-volume /data /mydata -read-only ubuntu'
Correct Answer: B
The command docker run -add-volume /data /mydata -read-only ubuntu will not mount the host's /data directory to the ubuntu container in read-only mode. The reason is that the command has several syntax errors and invalid options. The correct command to mount a host directory to a container in read-only mode is docker run --mount type=bind,source=/data,target=/mydata,readonly ubuntu [1][2].

The command docker run -add-volume /data /mydata -read-only ubuntu has the following problems:
* The option -add-volume is not a valid option for docker run. The valid options for mounting a volume or a bind mount are --mount or -v [1][2].
* The option -read-only is not a valid option for docker run. The valid option for making the container's root filesystem read-only is --read-only [3]. However, this option will not affect the mounted volumes or bind mounts, which have their own readonly option [1][2].
* The argument /data /mydata is not a valid argument for docker run. The argument for docker run should be the command to run inside the container, such as bash or ping [4]. The source and target of the volume or bind mount should be specified in the --mount or -v option, separated by a colon [1][2].

Therefore, the command docker run -add-volume /data /mydata -read-only ubuntu will not work as intended, and will likely produce an error message or an unexpected result.

References:
* Use bind mounts
* Use volumes
* docker run
* Docker run reference
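The difference between --read-only (root filesystem only) and a mount's own readonly option can be checked mechanically when reviewing docker run command lines. The following Python is an added example, not part of the original exam material; the function names are hypothetical, and it handles only the --mount, -v/--volume and --read-only options discussed above.

```python
# Added example: function names are hypothetical, not a Docker API.
import shlex

def parse_mount(spec):
    """Parse a --mount value, e.g. type=bind,source=/data,target=/mydata,readonly."""
    fields = {}
    for item in spec.split(","):
        key, _, value = item.partition("=")
        fields[key.strip().lower()] = value.strip()
    ro = fields.get("readonly", fields.get("ro"))  # None when neither key is present
    return {
        "type": fields.get("type", "volume"),  # --mount defaults to type=volume
        "source": fields.get("source") or fields.get("src", ""),
        "target": fields.get("target") or fields.get("destination") or fields.get("dst", ""),
        # a bare "readonly"/"ro" has an empty value; "readonly=false" stays writable
        "readonly": ro is not None and ro.lower() in ("", "true", "1"),
    }

def parse_volume(spec):
    """Parse a -v/--volume value, e.g. /data:/mydata:ro."""
    parts = spec.split(":")
    if len(parts) == 1:  # only a container path: anonymous volume
        return {"type": "volume", "source": "", "target": parts[0], "readonly": False}
    options = parts[2].split(",") if len(parts) > 2 else []
    kind = "bind" if parts[0].startswith("/") else "volume"  # absolute path = host dir
    return {"type": kind, "source": parts[0], "target": parts[1], "readonly": "ro" in options}

def audit_run(cmdline):
    """Return (rootfs_read_only, mounts) for one docker run command line."""
    # Assumption: the whole line is scanned, so arguments meant for the
    # container's own command that look like these flags would be misread.
    args = shlex.split(cmdline)
    rootfs_ro, mounts, i = False, [], 0
    while i < len(args):
        name, eq, value = args[i].partition("=")
        if name == "--read-only":  # affects the root filesystem only, not mounts
            rootfs_ro = value.lower() != "false"
        elif name in ("--mount", "-v", "--volume"):
            if not eq:  # the value is the next argument
                i += 1
                if i >= len(args):
                    break
                value = args[i]
            mounts.append(parse_mount(value) if name == "--mount" else parse_volume(value))
        i += 1
    return rootfs_ro, mounts

def writable_bind_mounts(cmdline):
    """Host paths that the command exposes to the container read-write."""
    return [m["source"] for m in audit_run(cmdline)[1] if m["type"] == "bind" and not m["readonly"]]
```

For the constructed command docker run --read-only -v /data:/mydata ubuntu, audit_run reports a read-only root filesystem while writable_bind_mounts still returns /data; for the command in the question it finds no mount at all.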
DCA Exam Question 84
Which networking drivers allow you to enable multi-host network connectivity between containers?
Correct Answer: D
Explanation: The networking drivers that allow you to enable multi-host network connectivity between containers are bridge, macvlan, ipvlan, and overlay. These drivers create networks that can span multiple Docker hosts, and therefore enable containers on different hosts to communicate with each other. The other drivers, such as host, user-defined, and none, create networks that are either isolated or limited to a single host. Here is a brief overview of each driver and how it supports multi-host networking:
* bridge: The bridge driver creates a network that connects containers on the same host using a Linux bridge. However, it can also be used to create a network that connects containers across multiple hosts using an external key-value store, such as Consul, Etcd, or ZooKeeper. This feature is deprecated and not recommended, as it requires manual configuration and has some limitations. The preferred driver for multi-host networking is overlay [1].
* macvlan: The macvlan driver creates a network that assigns a MAC address to each container, making it appear as a physical device on the network. This allows the containers to communicate with other devices on the same network, regardless of the host they are running on. The macvlan driver can also use 802.1q trunking to create sub-interfaces and isolate traffic between different networks [2].
* ipvlan: The ipvlan driver creates a network that assigns an IP address to each container, making it appear as a logical device on the network. This allows the containers to communicate with other devices on the same network, regardless of the host they are running on. The ipvlan driver can also use different modes, such as l2, l3, or l3s, to control the routing and isolation of traffic between different networks [3].
* overlay: The overlay driver creates a network that connects multiple Docker daemons together using VXLAN tunnels. This allows the containers to communicate across different hosts, even if they are on different networks. The overlay driver also supports encryption, load balancing, and service discovery. The overlay driver is the default and recommended driver for multi-host networking, especially for Swarm services [4].

References:
* Use bridge networks
* Use macvlan networks
* Use ipvlan networks
* Use overlay networks
DCA Exam Question 85
What is the difference between the ADD and COPY Dockerfile instructions? (choose 2)