Docker Certified Associate – Domain 2 : Installation and Configuration (15% of exam) September 19, 2020 50 Facebook WhatsApp Linkedin Email Print Welcome to your Docker Certified Associate - Domain 3 : Installation and Configuration (15% of exam) 1. Which of the following is the recommended ways to install docker on Linux ?Download and install packages manually using system utilitiesSetup docker repository and install from repo using system utilitiesInstall using docker convenience scripts 2. On DEB based distributions of linux, Docker engine starts automatically, whereas on RPM based distributions, docker engine needs to be started using utility such as systemctl. True or False ?TrueFalse 3. To use docker as non-root user, the user should be added to group "docker". True or False ?TrueFalse 4. Which one of the following is the default and preferred Storage driver in docker ?aufsbtrfsOverlay2device mapper 5. Which of the following is the supported or backing filesystem for overlay2 storage driver in docker ?xfs with ftype=1, ext4zfsdirect LVM 6. Which command can be used to find out the docker storage driver that is currently in use ?docker infodocker node inspect nodename 7. How to configure storage driver in docker ?"storage-driver" key can be configured in /etc/docker/daemon.json. This is a daemon level configuration and cannot be changed on a per-container basis.--storage-driver flag can be passed when starting a container. 8. Any changes to daemon json requires docker daemon to be reloaded. True or False ?TrueFalse 9. Which of the following can be used to reload docker daemon configuration on linux ?kill -SIGHUP [docker-PID]systemctl reload dockerdAny of the above 10. What is the name of the docker daemon binary ?docker-iodockerdcontainerd 11. How to enable debug mode in docker ?Start dockerd with -D flagset "debug" to "true" in /etc/docker/daemon.jsonAny of the above 12. Which of the following occurs when "sudo kill -SIGUSR1 [docker-daemon's-pid]" is run on a docker node ?Silently kills the docker daemonRestarts the docker daemonForces docker's full stack trace or path to stack trace file to be logged in daemon logs. 13. Which of the following is true about "log-drivers" in docker ?log-driver is used to get information about containers and services on a docker nodelog-driver is used to retrieve logs emitted by applications running in containers or services 14. which of the following command can be used to check if docker is running ?docker infousing system commands such as "systemctl status docker"any of the above. 15. Which of the following can be used to configure log driver in docker ?by passing "--log-driver" flag while starting a container or service.by configuring "log-driver" in /etc/docker/daemon.json, which acts as default when no log-driver option is passed when starting container or service.Any of the above. 16. Which of the following can be used to configure log driver options in docker ?by passing a list of options to "--log-opt" flag along with "--log-driver" when starting a container or serviceby configuring options under "log-opt" in /etc/docker/daemon.json in the section for "log-driver". The log driver and its options act as defaults when noting is mentioned when starting a container or service.Any of the above 17. Which of the following is true about delivery mode that is configured under "log-opts" for a log driver ?This decides how messages are delivered from container to log driver.The two types of modes available are "blocking (direct) mode" OR "non-blocking (delivery) mode""In blocking mode, container application is interrupted until messages are delivered to log-driver, whereas in non-blocking mode messages are delivered to a memory buffer which is then sent to log driverAll of the above 18. blocking mode is the default logging delivery mode in docker. True or False ?TrueFalse 19. Blocking mode for logging using log-driver is not suitable for remote logging or in situations where log-driver is busy, since it causes application latency. Here, non-blocking mode is recommended. True or False ?TrueFalse 20. Non Blocking mode for logging using log-driver may cause loss of data even before it is delivered to log driver under which of the following conditions ?When the memory buffer for logging is in sufficient.When application is emitting logs very frequently causing old logs in buffer to be overwritten even before it is deliveredAll of the above. 21. When using non-blocking logging mode for log-driver, loss of logs can be avoided by ensuring there is sufficient memory on host and by increasing size of buffer using "max-buffer-size" in log-opt. True or False ?TrueFalse 22. What is the default log-driver in docker ?syslogjson-filenonelocal 23. Which of the following is true about "dual logging" feature in docker ?"docker logs" command will work even if remote logging is configured (example, splunk or awslogs). This feature is available in docker EE.in Docker CE, "docker logs" command will retrieve logs only of "local" or "json-file" or "journald" log driver is used.All of the above 24. Distribution of manager nodes across a minimum of 3 availability zones is recommended, for optimal fault tolerance. True or False ?TrueFalse 25. "docker node update --availability pause mynode" makes the worker unavailable for new tasks but existing tasks continue to run. True or False ?TrueFalse 26. A fixed or static IP should be used as advertised IP in swarm. Dynamic IP is OK for worker nodes. True or False ?TrueFalse 27. If the number of manager nodes is down to 1, it is not possible to demote that manager to worker. True or False ?TrueFalse 28. swarm backup is done by stopping swarm and taking a backup of /var/lib/docker/swarm. True or False ?TrueFalse 29. When a swarm is restored from backup, the swarm should be re initialized by passing flag "--force-new-cluster". True or False ?TrueFalse 30. If an auto-lock enabled swarm is restored from backup, it must be unlocked using an swarm unlock key first. True or False ?TrueFalse 31. When quorum is lost in swarm, a swarm can be reinitialized using --force-new-cluster. In this case which of the following is True ?Both worker nodes and manager nodes needed to be added to swarmWorker nodes are intact and manager nodes need to be re added to swarm to achieve quorum. 32. When new manager node is added the tasks running on other manager nodes are redistributed automatically for load balancing. True or False ?TrueFalse 33. Which of the following commands can be used to rebalance running tasks of a service, across available worker nodes ?docker service update --forceuse "docker service scale" command to upscale and downscale, to rebalance tasks.All of the above is correct. Also the above commands interrupts the running tasks incurring minor downtime. 34. What does "tag" option specify under "log-opt" for "log-driver" ?specifies the tag of the docker logging driver plugin image to usespecifies the string to be prefixed to log entries, along with date, time and hostname. 35. Which of the following is the technology that enables docker to run containers as isolated workspaces or layers ?cgroupsnamespaces 36. Which of the following is the technology that enables docker to limit hardware resources such as cpu for a container ?cgroups (control groups)namespacesUFS 37. Which of the following is the default container format used by docker ?libcontainerzonesBSD JailsRunc 38. To secure docker communication using TLS which of the following methods can be used ?flags: "--tlsverify", "--tls_cert=", "--tls_cacert=", "--tls_key=" shoud be passed to docker daemon when it is started.Place cacert, cert and key in ~/.docker and run "export DOCKER_HOST=tcp://docker-hostname:2376 DOCKER_TLS_VERIFY=1"Any of the above 39. Which of the following are the additional features provided by Docker Enterprise Edition, on the top of docker engine ?UCP (universal control page) - GUI to manage docker cluster and have access controlDTR (docker trusted registry) - GUI to manage docker images, Vulnerability scanning of images based on vulnerability DBAll of the above 40. docker client authentication over TLS is possible by placing the TLS client certificates on docker client node, in /etc/docker/certs.d/[myregistryhostname:port]/. True or False ?TrueFalse 41. docker/ucp image can be run to perform backup of an existing UCP instance. Does this also backup the docker swarm ?Yes, It automatically takes a back up of swarm and the UCP metadataNo, Docker swarm needs to be copied separately prior to UCP backup, since UCP backup only takes a copy of UCP's meta data. 42. UCP uses self-signed certificates by default, but allows custom CA cert, cert and key to be uploaded for use. True or False ?TrueFalse 43. UCP allows to generate and download a client bundle for client authentication. True or False ?TrueFalse 44. DTR cannot be installed without UCP. DTR can be installed only on a UCP managed worker. True or False ?TrueFalse 45. Once UCP instance is up, License from docker hub should be acquired and activated on UCP GUI page. True or False ?TrueFalse 46. ucp-agent service is started on manager and worker nodes to serve UCP components. True or False ?TrueFalse 47. When installing UCP, If nodes are not already in a swarm, nodes will be configured to run in swarm mode. True or False ?TrueFalse 48. UCP provides a feature called RBAC (Role Based Access Control) to provide granular control over cluster resources. True or False ?TrueFalse 49. DTR can be installed by running docker/dtr image along with "install" argument. True or False ?TrueFalse 50. Both installation of DTR and login to DTR web UI requires UCP credentials. True or False ?TrueFalse 51. Which of the following protects docker tags from being overwritten, when an image is pushed. ?UCP's Role Based Access Control extends this feature to DTR.Immutability option under DTR repository settings when ON, prevents tags from being overwritten. 52. Before DTR backup is done, the volume containing the DTR Image content should be backed up. True or False ?TrueFalse 53. When DTR is running multiple replicas, when taking backup, it is recommended to have DTR image backup and the DTR metadata backup of the same replica. True or False ?TrueFalse Please fill in the comment box below. Time is Up!