Is this the purpose of Docker Content Trust?

Solution. Sign and verify image tags.

Will this command list all nodes in a swarm cluster from the command line?

Solution. ‘docker inspect nodes

In the context of a swarm mode cluster, does this describe a node?

Solution: an instance of the Docker engine participating in the swarm

You want to create a container that is reachable from its host's network.

Does this action accomplish this?

Solution: Use network attach to access the container on the bridge network.

A company's security policy specifies that development and production containers must run on separate nodes in a given Swarm cluster. Can this be used to schedule containers to meet the security policy requirements?

Solution. label constraints

Seven managers are in a swarm cluster.

Is this how should they be distributed across three datacenters or availability zones?

Solution: 4-2-1

Is this a type of Linux kernel namespace that provides container isolation?

Solution: Network

You are running only Kubernetes workloads on a worker node that requires

maintenance, such as installing patches or an OS upgrade.

Which command must be run on the node to gracefully terminate all pods on

the node, while marking the node as unschedulable?

Will this configuration achieve fault tolerance for managers in a swarm?

Solution: only two managers, one active and one passive.

Your organization has a centralized logging solution, such as Splunk.

Will this configure a Docker container to export container logs to the logging solution?

Solution. docker logs

You configure a local Docker engine to enforce content trust by setting the environment variable

DOCKER_CONTENT_TRUST=1.

If myorg/myimage: 1.0 is unsigned, does Docker block this command?

Solution: docker service create myorg/myimage:1.0

Will this command display a list of volumes for a specific container?

Solution. ‘docker container logs nginx –volumes’

The Kubernetes yaml shown below describes a networkPolicy.

Will the networkPolicy BLOCK this traffic?

Solution: a request issued from a pod bearing the tier: backend label, to a pod bearing the tier: frontend label

You want to mount external storage to a particular filesystem path in a

container in a Kubernetes pod.

What is the correct set of objects to use for this?

Will this command display a list of volumes for a specific container?

Solution: 'docker container inspect nginx'

You add a new user to the engineering organization in DTR.

Will this action grant them read/write access to the engineering/api repository?

Solution. Mirror the engineering/api repository to one of the user's own private repositories.

You configure a local Docker engine to enforce content trust by setting the environment variable DOCKER_C0NTENT_TRUST=l. If myorg/myimage: 1.0 is unsigned, does Docker block this command?

Solution. docker image build, from a Dockeflle that begins FROM myorg/myimage: l1.0

Is this a way to configure the Docker engine to use a registry without a trusted TLS certificate?

Solution. Set and export the IGNORE_TLS environment variable on the command line.

In the context of a swarm mode cluster, does this describe a node?

Solution: a physical machine participating in the swarm

Are these conditions sufficient for Kubernetes to dynamically provision a persistentVolume, assuming there are no limitations on the amount and type of available external storage?

Solution: A persistentVolumeClaim is created that specifies a pre-defined storageClass.

You configure a local Docker engine to enforce content trust by setting the environment variable

DOCKER_CONTENT_TRUST=1.

If myorg/myimage: 1.0 is unsigned, does Docker block this command?

Solution: docker container run myorg/myimage:1.0

You add a new user to the engineering organization in DTR.

Will this action grant them read/write access to the engineering/api repository?

Solution: Add the user directly to the list of users with read/write access under the repository's Permissions tab.

Will this action upgrade Docker Engine CE to Docker Engine EE?

Solution. Run docker engine activate.

Will this command mount the host's '/data' directory to the ubuntu container in read-only mode?

Solution: 'docker run -v /data:/mydata --mode readonly ubuntu'

One of several containers in a pod is marked as unhealthy after failing its livenessProbe many times. Is this the action taken by the orchestrator to fix the unhealthy container?

Solution: The unhealthy container is restarted.

Is this a supported user authentication method for Universal Control Plane?

Solution. x.500

An application image runs in multiple environments, with each environment using different certificates and ports.

Is this a way to provision configuration to containers at runtime?

Solution: Provision a Docker config object for each environment.

During development of an application meant to be orchestrated by Kubernetes, you want to mount the /data directory on your laptop into a container.

Will this strategy successfully accomplish this?

Solution. Set containers. Mounts. hostBinding: /data in the container's specification.

Is this a type of Linux kernel namespace that provides container isolation?

Solution: Authentication

Your organization has a centralized logging solution, such as Splunk.

Will this configure a Docker container to export container logs to the logging solution?

Solution: docker logs

Does this describe the role of Control Groups (cgroups) when used with a Docker container?

Solution: role-based access control to clustered resources

Does this command create a swarm service that only listens on port 53 using the UDP protocol?

Solution. ‘docker service create -name dns-cache -p 53:53/udp dns-cache"

The following Docker Compose file is deployed as a stack:

Is this statement correct about this health check definition?

Solution: Health checks test for app health ten seconds apart. Three failed health checks transition the container into “unhealthy” status.

Is this an advantage of multi-stage builds?

Solution: better caching when building Docker images

The following Docker Compose file is deployed as a stack:

Is this statement correct about this health check definition?

Solution. Health checks lest for app health ten seconds apart. Three failed health checks transition the container into "unhealthy" status.

Does this command display all the pods in the cluster that are labeled as env; development'?

Solution. ‘kubectl gel pods --all-namespaces -I 'env in (development)''

Will this command list all nodes in a swarm cluster from the command line?

Solution: ‘docker Is -a’

Your organization has a centralized logging solution, such as Sptunk.

Will this configure a Docker container to export container logs to the logging solution?

Solution. docker system events- -filter splunk

Will this command mount the host's '/data* directory to the ubuntu container in read-only mode?

Solution. ‘docker run -add-volume /data /mydata -read-only ubuntu'

Which networking drivers allow you to enable multi-host network connectivity

between containers?

You are troubleshooting a Kubernetes deployment called api, and want to see the events table for this object. Does this command display it?

Solution: kubectl logs deployment api

Will this Linux kernel facility limit a Docker container's access to host resources, such as CPU or memory?

Solution: namespaces

A company's security policy specifies that development and production containers must run on separate nodes in a given Swarm cluster.

Can this be used to schedule containers to meet the security policy requirements?

Solution: node affinities

Does this command display all the pods in the cluster that are labeled as 'env: development'?

Solution: 'kubectl get pods --all-namespaces -label env=development'

Will This command list all nodes in a swarm cluster from the command line?

Solution. ‘docker swarm nodes'

In Docker Trusted Registry, is this how a user can prevent an image, such as 'nginx:latest’, from being overwritten by another user with push access to the repository?

Solution: Keep a backup copy of the image on another repository.

The Kubernetes yaml shown below describes a networkPolicy.

Will the networkPolicy BLOCK this trafftc?

Solution. a request issued from a pod bearing only the tier: frontend label, to a pod bearing the tier: backend label

Is this a type of Linux kernel namespace that provides container isolation?

Solution. Process ID

Is this a type of Linux kernel namespace that provides container isolation?

Solution: Storage