Will this command ensure that overlay traffic between service tasks is encrypted?

Solution.docker network create -d overlay --secure

Are these conditions sufficient for Kubernetes to dynamically provision a persistentVolume, assuming there are no limitations on the amount and type of available external storage?

Solution: A default storageClass is specified, and subsequently a persistentVolumeClaim is created.

A persistentVolumeClaim (PVC) is created with the specification storageClass: "".and size requirements that cannot be satisfied by any existing persistentVolume.

Is this an action Kubernetes takes in this situation?

Solution: Kubernetes returns an error indicating that the PVC could not be bound with the current resources.

You created a new service named 'http' and discover it is not registering as healthy. Will this command enable you to view the list of historical tasks for this service?

Solution:'docker service ps http'

During development of an application meant to be orchestrated by Kubemetes, you want to mount the /data directory on your laptop into a container.

Will this strategy successfully accomplish this?

Solution. Create a Persistent VolumeClaim requesting storageClass:”” (which defaults to local storage) and hostPath: /data, and use this to populate a volume in a pod.

Will this configuration achieve fault tolerance for managers in a swarm?

Solution: one manager node for two worker nodes

Will this command display a list of volumes for a specific container?

Solution: docker volume logs nginx --containers'

Will this command display a list of volumes for a specific container?

Solution. ‘docker container inspect nginx’

Does this command create a swarm service that only listens on port 53 using the UDP protocol?

Solution: 'docker service create --name dns-cache -p 53:53/udp dns-cache'

Will this configuration achieve fault tolerance for managers in a swarm?

Solution: an odd number of manager nodes, totaling more than two

Seven managers are in a swarm cluster.

Is this how should they be distributed across three datacenters or availability zones?

Solution: 4-2-1

In Docker Trusted Registry, is this how a user can prevent an image, such as 'nginx:latest’, from being overwritten by another user with push access to the repository?

Solution: Use the DTR web Ul to make all tags in the repository immutable.

You configure a local Docker engine to enforce content trust by setting the environment variable DOCKER_C0NTENT_TRUST=l. If myorg/myimage: 1.0 is unsigned, does Docker block this command?

Solution.docker image build, from a Dockeflle that begins FROM myorg/myimage: l1.0

Two development teams in your organization use Kubernetes and want to deploy their applications while ensuring that Kubernetes-specific resources, such as secrets, are grouped together for each application.

Is this a way to accomplish this?

Solution: Create one pod and add all the resources needed for each application

Will this command list all nodes in a swarm cluster from the command line?

Solution. ‘docker inspect nodes

Is this statement correct?

Solution: A Dockerfile provides instructions for building a Docker image

Is this a function of UCP?

Solution: image role-based access control

Which statement is correct about cluster management in Docker Enterprise Edition 3.x?

A company's security policy specifies that development and production containers must run on separate nodes in a given Swarm cluster. Can this be used to schedule containers to meet the security policy requirements?

Solution.label constraints

Is this a type of Linux kernel namespace that provides container isolation?

Solution.Host

Seven managers are in a swarm cluster.

Is this how should they be distributed across three datacenters or availability zones?

Solution: 5-1-1

A persistentVolumeClaim (PVC) is created with the specification storageClass: "", and size requirements that cannot be satisfied by any existing persistentVolume.

Is this an action Kubernetes takes in this situation?

Solution: The PVC remains unbound until a persistentVolume that matches all requirements of the PVC becomes available.

During development of an application meant to be orchestrated by Kubernetes, you want to mount the /data directory on your laptop into a container.

Will this strategy successfully accomplish this?

Solution: Add a volume to the pod that sets hostPath.path: /data, and then mount this volume into the pod's containers as desired.

You configure a local Docker engine to enforce content trust by setting the environment variable

DOCKER_CONTENT_TRUST=1.

If myorg/myimage: 1.0 is unsigned, does Docker block this command?

Solution: docker container run myorg/myimage:1.0

Is this a supported user authentication method for Universal Control Plane?

Solution.x.500

Is this an advantage of multi-stage builds?

Solution: better caching when building Docker images

Does this describe the role of Control Groups (cgroups) when used with a Docker container?

Solution: role-based access control to clustered resources

Will this command display a list of volumes for a specific container?

Solution. ‘docker container logs nginx –volumes’

The Kubernetes yaml shown below describes a networkPolicy.

Will the networkPolicy BLOCK this trafftc?

Solution.a request issued from a pod bearing the tier: api label, to a pod bearing the tier: backend label

Will this action upgrade Docker Engine CE to Docker Engine EE?

Solution.Disable the Docker service via ‘chkconfig' or 'systemctl'.

The Kubernetes yaml shown below describes a networkPolicy.

Will the networkPolicy BLOCK this trafftc?

Solution. a request issued from a pod bearing the tier: backend label, to a podbearing the tier: frontend label

Will this command ensure that overlay traffic between service tasks is encrypted?

Solution:docker service create --network --encrypted

You want to provide a configuration file to a container at runtime. Does this set of Kubernetes tools and steps accomplish this?

Solution: Mount the configuration file directly into the appropriate pod and container using the .spec.containers.configMounts key.

Will this configuration achieve fault tolerance for managers in a swarm?

Solution: only two managers, one active and one passive.

An application image runs in multiple environments, with each environment using different certificates and ports.

Is this a way to provision configuration to containers at runtime?

Solution: Create a Dockerfile for each environment, specifying ports and ENV variables for certificates.

Will this command list all nodes in a swarm cluster from the command line?

Solution: ‘docker Is -a’

Is this a type of Linux kernel namespace that provides container isolation?

Solution: Authentication

Seven managers are in a swarm cluster.

Is this how should they be distributed across three datacenters or availability zones?

Solution: 3-3-1

One of several containers in a pod is marked as unhealthy after failing its livenessProbe many times. Is this the action taken by the orchestrator to fix the unhealthy container?

Solution: The unhealthy container is restarted.

Can this set of commands identify the published port(s) for a container?

Solution. ‘docker port inspect", docker container inspect"

Will this command mount the host's '/data' directory to the ubuntu container in read-only mode?

Solution: 'docker run -v /data:/mydata --mode readonly ubuntu'

Will this command list all nodes in a swarm cluster from the command line?

Solution: 'docker node Is'

In Docker Trusted Registry, is this how a user can prevent an image, such as 'nginx:latest’, from being overwritten by another user with push access to the repository?

Solution: Remove push access from all other users.

Is this a function of UCP?

Solution: scans images to detect any security vulnerability

How do you change the default logging driver for the docker daemon in Linux?

You want to create a container that is reachable from its host's network.

Does this action accomplish this?

Solution: Use network attach to access the container on the bridge network.

You want to mount external storage to a particular filesystem path in a

container in a Kubernetes pod.

What is the correct set of objects to use for this?

Is this an advantage of multi-stage builds?

Solution: optimizes Images by copying artifacts selectively from previous stages

Is this a way to configure the Docker engine to use a registry without a trusted TLS certificate?

Solution. Set and export the IGNORE_TLS environment variable on the command line.

In the context of a swarm mode cluster, does this describe a node?

Solution.an instance of the Docker CLI connected to the swarm

An application image runs in multiple environments, with each environment using different certificates and ports.

Is this a way to provision configuration to containers at runtime?

Solution: Provision a Docker config object for each environment.

Will this command mount the host's '/data* directory to the ubuntu container in read-only mode?

Solution. ‘docker run -add-volume /data /mydata -read-only ubuntu'

You want to provide a configuration file to a container at runtime. Does this set of Kubernetes tools and steps accomplish this?

Solution: Turn the configuration file into a configMap object, use it to populate a volume associated with the pod, and mount that file from the volume to the appropriate container and path.

Is this a type of Linux kernel namespace that provides container isolation?

Solution: Storage

Will this action upgrade Docker Engine CE to Docker Engine EE?

Solution.Run docker engine activate.

Will this Linux kernel facility limit a Docker container's access to host resources, such as CPU or memory?

Solution: seccomp

Are these conditions sufficient for Kubernetes to dynamically provision a persistentVolume, assuming there are no limitations on the amount and type of available external storage?

Solution: A persistentVolumeClaim is created that specifies a pre-defined storageClass.