Docker Practice Exam 3
1) What Orchestrator does Docker EE UCP 3.x currently support?
a) only docker swarm
b) only kubernetes
c) docker swarm & kubernetes
d) docker swarm , kubernetes & mesos
2) Which of the following statements is NOT true about UCP Orchestrator
a) Users can use compose file to deploy kubernetes workloads.
b) Users can use k8s deployment config yaml file to deploy kubernetes
workloads.
c) Users can use compose file to deploy swarm workloads.
d) Users can use k8s deployment config yaml file to deploy swarm
workloads.
3) What are the two types of service deployments?
a) standalone & multiple
b) replicated & global
c) standalone & replicated
d) standalone & global
4) On which directory is all swarm configuration stored by default?
a) /etc/docker/swarm/
b) /opt/docker/swarm/
c) /var/lib/docker/swarm/
d) /etc/swarm/docker/
5) Which commands will allow you to scale an existing service called
‘webapp’ to 3 replicas?
a) docker service scale webapp=3
b) docker service scale --replicas=3 webapp
c) docker run webapp --scale=3
d) docker scale webapp --nodes=5
6) Which of the following statements is NOT true about docker-compose?
a) docker-compose allows you to define and run multiple containers at
once.
b) docker-compose relies on docker engine, so docker engine must be
installed to use docker-compose
c) You can instruct docker compose to build an image to be used by the
service.
d) Running “docker-compose up” will bring up the container in any
schedulable node in a swarm cluster
7) Which command can be used to see which nodes are running a specified
service?
a) docker service ps <service name>
b) docker node ls
c) docker node service=< service name >
d) docker get node --service=<service name>
8) Which method can be used to add additional UCP worker node after the
initial installation is finished.
a) You can’t add an additional node after installation.
b) Running “docker swarm add-node <hostname>” from the manager node.
c) Go to the webui, click on “add nodes” and simply fill the intended node
hostname , username and password.
d) Running “docker swarm join --token <worker token> <manager url>”
from the intended worker node
9) Which command can be used to display details about a service in an
easily readable format.
a) docker service inspect --readable <service name>
b) docker service inspect --easy <service name>
c) docker service inspect --pretty <service name>
d) docker service inspect --output=pretty <service name>
10) Which algorithm does docker swarm use to manage the global cluster
state?
a) Raft Consensus Algorithm
b) Round Robin Algorithm
c) FIFO Algorithm
d) Routing Mesh Algorithm
11) In a HA setup with 5 managers node, what will happen if 3 of the
managers are down?
a) Nothing, the cluster should be still fully running
b) all existing services will go down.
c) The existing services keep running but the scheduler cannot deploy new
services or redeploy a failure one.
d) every functionality should work but with decreased performance.
12) Which command can be used to deploy a service using a compose file
that works for both kubernetes & swarm Orchestrator?
a) docker create service <image name> <service name>
b) docker stack deploy --compose-file docker-compose.yml <stack name>
c) docker new-app --compose-file docker-compose.yml <stack name>
d) docker deploy --compose-file docker-compose.yml <stack name>
13) Which command can be used on a manager node to create a new swarm
cluster.
a) docker swarm setup
b) docker create swarm
c) docker swarm init
d) docker node create swarm
14) Which of the following feature is NOT yet available from docker UCP
webui?
a) Role Based Access Control
b) Application deployment
c) Source to image (s2i) deployment
d) node management
15) Which instruction on Dockerfile will allow you to set a baseline image
for your image creation?
a) FROM
b) RUN
c) CMD
d) INIT
16) A Dockerfile usually starts with a “FROM” instruction. Is there any
instruction that may precede it on a valid Dockerfile?
a) INIT
b) CMD
c) ARG
d) Nothing can precede “FROM” instruction
17) Which instruction on Dockerfile will set the environment variable on
containers running from resulting image?
a) ARG
b) ENV
c) VAR
d) RUN
18) Which command will allow you “rename” images called “nginx:latest”
into “myapp:v2”, assuming “nginx:latest” is already available in your local
image store?
a) docker tag nginx:latest myapp:v2
b) docker rename nginx:latest myapp:v2
c) docker copy nginx:latest myapp:v2
d) docker mv nginx:latest myapp:v2
19) Suppose you have a running container with id “c3f279d18e0a” and
have made few changes inside the container. How do you create new image
called “myapp:v2” that has all the changes from the modified container?
a) docker build myapp:v2 --FROM c3f279d18e0a
b) docker save myapp:v2 --FROM c3f279d18e0a
c) docker commit c3f279d18e0a myapp:v2
d) docker commit myapp:v2 --CONTAINER c3f279d18e0a
20) Which of the following commands is NOT a possible way to build an
image?
a) docker build .
b) docker build https://github.com/docker/rootfs.git#container:docker
c) docker build http://server/context.tar.gz
d) docker build “FROM centos \ RUN yum install httpd \ CMD [“init”]”
21) Which of the following statements is not good practice to build docker
image?
a) Use multi-stage strategy to compile apps in one stage and selectively
copy the artifact for the final image.
b) Always try to use an official image as a base image.
c) Use a different Dockerfile for Development and Production stage.
d) Only ADD required file instead of the whole directory as build context.
22) What is the difference between the CMD and ENTRYPOINT
instruction in Dockerfile?
a) There’s no difference. CMD is an alias for ENTRYPOINT
b) CMD instruction allows you to set a default command, which will be
executed only when you run container without specifying a command,
while ENTRYPOINT argument will always be executed.
c) ENTRYPOINT must always be used in conjunction with CMD, while
CMD can be used by itself.
d) ENTRYPOINT specified the default directory to run the CMD
23) What is the difference between the COPY and ADD instruction in
Dockerfile?
a) There’s no difference. COPY is an alias for ADD
b) COPY didn’t have tar extraction and remote URL handling, while ADD
has.
c) COPY didn’t support recursive copy, while ADD support it.
d) All of the above.
24) What command can be used to Save one or more images to a tar archive
and remove all unused images from a single node?
a) docker image prune
b) docker image rm
c) docker clear images
d) All of the above.
25) What command can be used to save one or more images to a tar archive
a) docker image import
b) docker image tar
c) docker image save
d) docker image load
26) What is the preferred mechanism for persisting data generated by and
used by Docker containers?
a) volumes
b) bind mount
c) host mount
d) iscsi
27) Which command can be used to create a volume called “myvol” using
default parameters?
a) docker volume create myvol
b) docker create-volume myvol
c) docker volume create myvol --default
d) docker make volume myvol
28) Which command can be used to delete an existing volume named
“myvol”?
a) docker volume delete myvol
b) docker volume rm myvol
c) docker remove volume myvol
d) docker rm myvol
29) Which command can be used to view the mountpoint of existing
volume named “app-vol”?
a) docker volume ls app-vol
c) docker volume app-vol --view-mount
c) docker volume inspect app-vol
d) docker view-mount app-vol
30) An app called “frontend” based on “nginx:latest” image needs to run
with the “/var/www/html/” directory inside the container mounted to a
volume named “app_dir”. Which command can you use to do this?
a) docker run --name frontend -v app_dir nginx:latest
b) docker run --name frontend -v app_dir:/var/www/html nginx:latest
c) docker run --name frontend -v /var/www/html nginx:latest
d) docker run --name frontend -v /var/www/html:app_dir nginx:latest
31) Which command will succesfully mount a read-only volume using --
mount options?
a) docker run --mount source=nginx-
vol,destination=/usr/share/nginx/html,readonly nginx:latest
b) docker run --mount source=nginx-vol,destination=/usr/share/nginx/html -
-ro nginx:latest
c) docker run --mount source=nginx-vol,destination=/usr/share/nginx/html
nginx:latest
d) None of the above.
32) Which docker storage driver is recommended to use on RHEL 7 and
Centos 7?
a) devicemapper & overlay2
b) aufs
c) vfs
d) btrfs
33) Which mode is required for production setup when using devicemapper
storage driver?
a) loop-lvm
b) production-lvm
c) direct-lvm
d) persistent-lvm
34) Which backing filesystems is/are supported for overlay2 storage
drivers?
a) ext4 & xfs
b) ntfs
c) ext3
d) aufs
35) Which network drivers is/are supported by docker?
a) bridge
b) host
c) macvlan
d) All of the above.
36) Which networking features are supported by Docker EE using UCP?
(Choose 2 correct answers)
a) HTTP Routing Mesh
b) Packet Randomizer
c) Session Stickiness
d) Layer 2 Subnetting
37) Which command can be used to create a docker network called
“backend-net” using a bridge adapter?
a) docker network create backend-net
b) docker network create bridge backend-net
c) docker network create --bridge backend-net
d) docker network create bridge/backend-net
38) How do you connect an existing container named “postgres” to existing
network callend “backend-net”?
a) docker attach postgres backend-net
b) docker network connect backend-net postgres
c) docker network attach backend-net postgres
d) None of the above.
39) Which configuration is need to be applied in Linux Kernel to enable
traffic forwarding from Docker containers to the public network?
a) sysctl net.ipv4.conf.all.forwarding=0
b) sysctl net.ipv4.conf.all.forwarding=1
c) sysctl net.ipv4.conf.all.block=0
d) sysctl net.ipv4.conf.all.block=1
40) Which option can be used to map UDP port 223 in the container to port
8080 on a docker host?
a) -p 8080:223 --udp
b) -p 223/udp:8080
c) -p 8080:223/udp
d) -p 8080/udp:223
41) Which tool does docker EE use to sign trusted image?
a) registry:v2
b) docker swarm
c) notary
d) keytool
42) Which of the following features is available on docker trusted registry?
( Choose 3 Answers )
a) image scanning
b) image signing
c) Role Based Access Control
d) Automatic image hardening
43) How do you prevent image tags from being overwritten on Docker
Trusted Registry?
a) set environment variable DOCKER_IMMUTABLE_TAG=1 in all hosts
b) set docker_immutable_tag:true on daemon.json
c) In the DTR web UI, navigate to the repository settings page, and change
Immutability to On.
d) None of the above.
44) What is the recommended node to install Docker Trusted Registry for
Production use?
a) Managers node to reduce latency
b) Shared worker node for faster image pulling
c) Dedicated worker node managed by UCP
d) Dedicated worker node outside UCP Cluster
45) What is the recommended minimum numbers of replicas to setup DTR
for High Availability?
a) 2 replicas
b) 3 replicas
c) 4 replicas
d) 6 replicas
46) Which Storage systems does DTR support as storage backend?
a) Amazon S3
b) Local filesystem
c) NFS
d) All of the above.
47) What does Garbage Collection do in DTR?
a) Identifies and delete all images that haven’t been used on some
configurable times.
b) Identifies and remove unused images layers.
c) Remove all base images, keeping all the modified ones.
d) Remove all tmpfs used to build images.
48) What happens when Garbage Collection puts DTR in read-only mode?
a) Users can still push and pull image from DTR.
b) Users can only view list of image available in DTR
c) Users can pull image from DTR but unable to push a new one.
d) None of the above.
49) When one or more DTR replicas are unhealthy but the overall majority
(n/2 + 1) are healthy and able to communicate with one another. What is the
recommended way to restore the clusters?
a) Troubleshoot the failing nodes at all costs.
b) Copy the configuration file from working nodes to the failing ones.
c) Remove the unhealthy replicas from the DTR cluster, Join new replicas
to make DTR highly available.
d) b and c are correct
50) What CVE Database can be used by the DTR for image vulnerability
scanning?
a) Online database downloaded from https://dss-cve-updates.docker.com/
b) Embedded database put on the image
c) Upload offline .tar database file on the webui.
d) a and c
Practice Exam 3 Answer Key
1) c
2) d
3) b
4) c
5) a
6) d
7) a
8) d
9) c
10) a
11) c
12) b
13) c
14) c
15) a
16) c
17) b
18) a
19) c
20) d
21) c
22) b
23) b
24) a
25) c
26) a
27) a
28) b
29) c
30) b
31) a
32) a
33) c
34) a
35) d
36) a, c
37) a
38) b
39) b
40) c
41) c
42) a, b, c
43) c
44) c
45) b
46) d
47) b
48) d
49) c
50) d