You are troubleshooting a Kubernetes deployment called api, and want to see the events table for this object.
Does this command display it?
Solution: kubectl get deployment api
Will a DTR security scan detect this?
Solution. image configuration poor practices, such as exposed ports or inclusion of compilers in production images
You configure a local Docker engine to enforce content trust by setting the environment variable DOCKER_C0NTENT_TRUST=l. If myorg/myimage: 1.0 is unsigned, does Docker block this command?
Solution. docker image build, from a Dockeflle that begins FROM myorg/myimage: l1.0
You created a new service named 'http' and discover it is not registering as healthy. Will this command enable you to view the list of historical tasks for this service?
Solution: 'docker inspect http'
Will this configuration achieve fault tolerance for managers in a swarm?
Solution: only two managers, one active and one passive.
During development of an application meant to be orchestrated by Kubernetes, you want to mount the /data directory on your laptop into a container.
Will this strategy successfully accomplish this?
Solution: Add a volume to the pod that sets hostPath.path: /data, and then mount this volume into the pod's containers as desired.
You add a new user to the engineering organization in DTR.
Will this action grant them read/write access to the engineering/api repository?
Solution. Mirror the engineering/api repository to one of the user's own private repositories.
An application image runs in multiple environments, with each environment using different certificates and ports.
Is this a way to provision configuration to containers at runtime?
Solution: Create a Dockerfile for each environment, specifying ports and ENV variables for certificates.
Does this describe the role of Control Groups (cgroups) when used with a Docker container?
Solution: role-based access control to clustered resources
You want to provide a configuration file to a container at runtime. Does this set of Kubernetes tools and steps accomplish this?
Solution: Mount the configuration file directly into the appropriate pod and container using the .spec.containers.configMounts key.
Your organization has a centralized logging solution, such as Sptunk.
Will this configure a Docker container to export container logs to the logging solution?
Solution. docker system events- -filter splunk
Will this command ensure that overlay traffic between service tasks is encrypted?
Solution: docker network create -d overlay --secure
You are troubleshooting a Kubernetes deployment called api, and want to see the events table for this object. Does this command display it?
Solution: kubectl logs deployment api
One of several containers in a pod is marked as unhealthy after failing its livenessProbe many times. Is this the action taken by the orchestrator to fix the unhealthy container?
Solution: Kubernetes automatically triggers a user-defined script to attempt to fix the unhealthy container.
You are running only Kubernetes workloads on a worker node that requires
maintenance, such as installing patches or an OS upgrade.
Which command must be run on the node to gracefully terminate all pods on
the node, while marking the node as unschedulable?
Will this command mount the host's '/data' directory to the ubuntu container in read-only mode?
Solution: 'docker run --volume /data:/mydata:ro ubuntu'
The following Docker Compose file is deployed as a stack:
Is this statement correct about this health check definition?
Solution: Health checks test for app health five seconds apart. If the test fails, the container will be restarted three times before it gets rescheduled.
Is this an advantage of multi-stage builds?
Solution: optimizes Images by copying artifacts selectively from previous stages
Does this command create a swarm service that only listens on port 53 using the UDP protocol?
Solution. ‘docker service create -name dns-cache -p 53:53 -constraint networking.protocol.udp=true dns-cache"
The following Docker Compose file is deployed as a stack:
Is this statement correct about this health check definition?
Solution: Health checks test for app health ten seconds apart. Three failed health checks transition the container into “unhealthy†status.
You want to provide a configuration file to a container at runtime. Does this set of Kubernetes tools and steps accomplish this?
Solution: Turn the configuration file into a configMap object and mount it directly into the appropriate pod and container using the .spec.containers.configMounts key.
Your organization has a centralized logging solution, such as Splunk.
Will this configure a Docker container to export container logs to the logging solution?
Solution. Set the log-driver-and log-opt keys to values for the logging solution (Splunk) in the daemon.json file.
You are pulling images from a Docker Trusted Registry installation
configured to use self-signed certificates, and this error appears:
`x509: certificate signed by unknown authority.
You already downloaded the Docker Trusted Registry certificate authority
certificate from https://dtr.example.com/ca.
How do you trust it? (Select two.)
Will this action upgrade Docker Engine CE to Docker Engine EE?
Solution. Disable the Docker service via ‘chkconfig' or 'systemctl'.
Will this command ensure that overlay traffic between service tasks is encrypted?
Solution: docker network create -d overlay -o encrypted=true
In Docker Trusted Registry, is this how a user can prevent an image, such as 'nginx:latest’, from being overwritten by another user with push access to the repository?
Solution: Tag the image with 'nginx:immutable'.
You created a new service named 'http* and discover it is not registering as healthy. Will this command enable you to view the list of historical tasks for this service?
Solution. ‘docker inspect http"
You want to create a container that is reachable from its host's network. Does this action accomplish this?
Solution: Use network attach to access the containers on the bridge network
Is this a Linux kernel namespace that is disabled by default and must be enabled at Docker engine runtime to be used?
Solution: mnt
Will this configuration achieve fault tolerance for managers in a swarm?
Solution: one manager node for two worker nodes
Will this sequence of steps completely delete an image from disk in the Docker Trusted Registry?
Solution: Delete the image and run garbage collection on the Docker Trusted Registry.
Is this a function of UCP?
Solution: scans images to detect any security vulnerability
Will this command ensure that overlay traffic between service tasks is encrypted?
Solution: docker service create --network --encrypted
Are these conditions sufficient for Kubernetes to dynamically provision a persistentVolume, assuming there are no limitations on the amount and type of available external storage?
Solution: A default storageClass is specified, and subsequently a persistentVolumeClaim is created.
Will this sequence of steps completely delete an image from disk in the Docker Trusted Registry?
Solution. Delete the image and delete the image repository from Docker Trusted Registry.
Will this Linux kernel facility limit a Docker container's access to host resources, such as CPU or memory?
Solution: namespaces
Two development teams in your organization use Kubernetes and want to deploy their applications while ensuring that Kubernetes-specific resources, such as secrets, are grouped together for each application.
Is this a way to accomplish this?
Solution: Create one namespace for each application and add all the resources to it.
A company's security policy specifies that development and production containers must run on separate nodes in a given Swarm cluster.
Can this be used to schedule containers to meet the security policy requirements?
Solution: label contraints
An application image runs in multiple environments, with each environment using different certificates and ports.
Is this a way to provision configuration to containers at runtime?
Solution: Create images that contain the specific configuration for every environment.
You want to create a container that is reachable from its host's network.
Does this action accomplish this?
Solution: Use network attach to access the container on the bridge network.
You are troubleshooting a Kubernetes deployment called api, and want to see the events table for this object. Does this command display it?
Solution: kubectl describe deployment api
Seven managers are in a swarm cluster.
Is this how should they be distributed across three datacenters or availability zones?
Solution: 3-2-2
Your organization has a centralized logging solution, such as Splunk.
Will this configure a Docker container to export container logs to the logging solution?
Solution: Set the log-driver and log-oPt keys to values for the logging solution (Splunk) In the daemon.json file.
Will this command display a list of volumes for a specific container?
Solution: docker volume logs nginx --containers'
You are troubleshooting a Kubernetes deployment called api, and want to see the events table for this object. Does this command display it?
Solution: kubectl events deployment api
Is this a type of Linux kernel namespace that provides container isolation?
Solution. Process ID
Will this action upgrade Docker Engine CE to Docker Engine EE?
Solution: Delete '/var/lib/docker' directory.
Is this the purpose of Docker Content Trust?
Solution. Indicate an image on Docker Hub is an official image.
Are these conditions sufficient for Kubernetes to dynamically provision a persistentVolume, assuming there are no limitations on the amount and type of available external storage?
Solution: A default provisioner is specified, and subsequently a persistentVolumeClaim is created.
Can this set of commands identify the published port(s) for a container?
Solution: `docker network inspect', `docker port'