[2023年11月04日] DCAテストエンジンお試しセット、DCA問題集PDF
最新のDocker DCAのPDFと問題集で(2023)無料試験問題解答
Docker Certified Associate(DCA)試験は、コンテナ化とDocker技術に関する専門知識とスキルを検証する認定プログラムです。このプログラムは、Dockerツールやサービスの使用、Dockerイメージの作成と管理、Dockerコンテナの展開と管理における個人の熟練度をテストするために設計されています。DCA認定は、Dockerの専門知識のベンチマークとして世界的に認められており、IT業界でキャリアを進めたいプロフェッショナルにとって貴重な資格とされています。
Docker Certified Associate(DCA)認定試験は、Docker Enterprise Edition(EE)とDocker Community Edition(CE)を実際の環境で使用する能力と習熟度を検証する専門的な認定です。この試験は、Dockerコンテナの展開と管理、画像の操作、ネットワーキング、セキュリティなど、Dockerに関連するタスクを実行する候補者の能力をテストするように設計されています。
DCA試験は、コンテナ化、オーケストレーション、ネットワーキング、セキュリティ、ストレージなど、Dockerに関連するトピックをカバーしています。試験は、候補者が実際のシナリオでDockerを扱う能力をテストするように設計されており、複数選択肢とインタラクティブなタスクの両方を含んでいます。この試験は、コンピュータベースであり、世界中のどこからでもオンラインで受験することができるため、あらゆるバックグラウンドと場所の候補者にアクセス可能です。
質問 # 59
Your organization has a centralized logging solution, such as Splunk.
Will this configure a Docker container to export container logs to the logging solution?
Solution: Set the log-driver and log-oPt keys to values for the logging solution (Splunk) In the daemon.json file.
- A. Yes
- B. No
正解:A
解説:
Explanation
Setting the log-driver and log-opt keys to values for the logging solution (Splunk) in the daemon.json file does configure a Docker container to export container logs to the logging solution. The daemon.json file is a configuration file for the Docker daemon that allows you to specify various options for the daemon, such as logging drivers, logging options, storage drivers, etc. The log-driver option sets the default logging driver for all containers, unless overridden by the --log-driver option when creating or running a container. The log-opt option sets the default options for the logging driver, such as the Splunk URL, token, source, etc. References:
https://docs.docker.com/config/containers/logging/configure/,
https://docs.docker.com/config/containers/logging/splunk/
質問 # 60
The following health check exists in a Dockerfile:
'HEALTCHECK CMD curl --fail http://localhost/health || exit 1'
Which of the following describes its purpose?
- A. Defines the health check for the containerized application so that the application health can be monitored by the Docker engine
- B. Defines the health check endpoint on the local host interface for containers to monitor the health of the docker engine.
- C. Defines the action taken when container health fails, which in this case will kill the container with exit status 1
- D. Defines the health check endpoint on the localhost interface for external monitoring tools to monitor the health of the docker engine.
正解:C
質問 # 61
Which one of the following commands will show a list of volumes for a specific container?
- A. 'docker volume inspect nginx'
- B. 'docker volume logs nginx --containers'
- C. 'docker container logs nginx --volumes'
- D. 'docker container inspect nginx'
正解:D
質問 # 62
Is this a supported user authentication method for Universal Control Plane?
Solution: PAM
- A. No
- B. Yes
正解:A
解説:
Explanation
PAM is not a supported user authentication method for Universal Control Plane. According to the official documentation, the supported methods are LDAP, Active Directory, SAML 2.0, and local users.
References: https://docs.docker.com/ee/ucp/admin/configure/external-auth/
質問 # 63
You configure a local Docker engine to enforce content trust by setting the environment variable
DOCKER_CONTENT_TRUST=1.
If myorg/myimage: 1.0 is unsigned, does Docker block this command?
Solution: docker service create myorg/myimage:1.0
- A. No
- B. Yes
正解:A
質問 # 64
The Kubernetes yaml shown below describes a clusterIP service.
Is this a correct statement about how this service routes requests?
Solution: Traffic sent to the IP of any pod with the label app: nginx on port 8080 will be forwarded to port 80 in that pod.
- A. Yes
- B. No
正解:A
質問 # 65
Is this a function of UCP?
Solution: image role-based access control
- A. Yes
- B. No
正解:A
解説:
Explanation
Image role-based access control is a function of UCP. UCP allows you to define granular permissions for users and teams to access images stored in DTR. You can assign different roles to users and teams, such as read-only, read-write, or admin, for each image repository or namespace. This way, you can control who can pull or push images to your registry. References: https://docs.docker.com/ee/ucp/
質問 # 66
The Kubernetes yaml shown below describes a networkPolicy.
Will the networkPolicy BLOCK this trafftc?
Solution. a request issued from a pod bearing the tier: backend label, to a pod bearing the tier: frontend label
- A. Yes
- B. No
正解:A
解説:
Explanation
The networkPolicy will block this traffic. A networkPolicy is a Kubernetes resource that defines how pods are allowed to communicate with each other and with other network endpoints. A networkPolicy has two main sections: podSelector and policyTypes. The podSelector selects which pods the networkPolicy applies to. The policyTypes specifies whether the networkPolicy affects ingress (incoming) traffic, egress (outgoing) traffic, or both. In this case, the networkPolicy applies to pods that have a label app: webserver and affects both ingress and egress traffic. The networkPolicy also has two optional sections: ingress and egress. The ingress section defines the rules for allowing ingress traffic to the selected pods. The egress section defines the rules for allowing egress traffic from the selected pods. If either section is missing or empty, it means that no traffic of that type is allowed. In this case, the networkPolicy has an empty ingress section, which means that no ingress traffic is allowed to the pods that have a label app: webserver. Therefore, a request issued from a pod bearing the tier: backend label, to a pod bearing the tier: frontend label will be blocked by this networkPolicy, since it is an ingress traffic to a pod that has a label app: webserver. References:
https://kubernetes.io/docs/concepts/services-networking/network-policies/,
https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#networkpolicy-v1-networking-k8s-io
質問 # 67
Will this sequence of steps completely delete an image from disk in the Docker Trusted Registry?
Solution: Delete the image and run garbage collection on the Docker Trusted Registry.
- A. No
- B. Yes
正解:A
質問 # 68
Will this command list all nodes in a swarm cluster from the command line?
Solution: 'docker Is -a'
- A. Yes
- B. No
正解:A
質問 # 69
Will this command ensure that overlay traffic between service tasks is encrypted?
Solution: docker network create -d overlay -o encrypted=true <network-name>
- A. Yes
- B. No
正解:A
質問 # 70
A company's security policy specifies that development and production containers must run on separate nodes in a given Swarm cluster.
Can this be used to schedule containers to meet the security policy requirements?
Solution: label contraints
- A. Yes
- B. No
正解:A
解説:
Explanation
Label constraints can be used to schedule containers to meet the security policy requirements, because label constraints allow you to specify which nodes a service can run on based on node labels. According to the official documentation, label constraints are used to filter nodes based on their role, availability, or any other criteria.
References: https://docs.docker.com/engine/swarm/services/#specify-service-constraints
質問 # 71
During development of an application meant to be orchestrated by Kubernetes, you want to mount the /data directory on your laptop into a container.
Will this strategy successfully accomplish this?
Solution: Add a volume to the pod that sets hostPath.path: /data, and then mount this volume into the pod's containers as desired.
- A. Yes
- B. No
正解:A
解説:
Explanation
Adding a volume to the pod that sets hostPath.path: /data, and then mounting this volume into the pod's containers as desired is a strategy that successfully accomplishes this. A hostPath volume mounts a file or directory from the host node's filesystem into a pod. It can be used to access files on the host from a container, such as configuration files, logs, binaries, etc. However, this type of volume is not portable across nodes and should be used with caution. References: https://kubernetes.io/docs/concepts/storage/volumes/#hostpath,
https://kubernetes.io/docs/tasks/configure-pod-container/configure-volume-storage/
質問 # 72
A users attempts to set the system time from inside a Docker container are unsuccessful. Could this be blocking this operation?
Solution: inter-process communication
- A. No
- B. Yes
正解:A
質問 # 73
Which of the following commands wifi automatically create a volume when a container is started?
- A. 'docker container run --name nginxtest --volumes=/app nginx'
- B. 'docker container run --name nginxtest -v /app:mount nginx'
- C. 'docker container run --name nginxtest --volumes myvol:/app:new nginx'
- D. 'docker container run --name nginxtest -v myvol:/app nginx'
正解:A
質問 # 74
If installing Docker using devicemapper for storage with the Intent to run production workloads, how should devicemapper be configured
- A. overlay-lvm
- B. direct-lvm
- C. loop-lvm
- D. aufs-lvm
正解:B
質問 # 75
Will this command list all nodes in a swarm cluster from the command line?
Solution: 'docker swarm nodes'
- A. No
- B. Yes
正解:A
質問 # 76
Will this command ensure that overlay traffic between service tasks is encrypted?
Solution: docker service create --network --secure
- A. No
- B. Yes
正解:A
質問 # 77
Is this a supported user authentication method for Universal Control Plane?
Solution: PAM
- A. No
- B. Yes
正解:A
質問 # 78
Can this set of commands identify the published port(s) for a container?
Solution. 'docker container inspect", docker port'
- A. Yes
- B. No
正解:A
解説:
Explanation
This set of commands can identify the published port(s) for a container. The docker container inspect command shows low-level information about a container in JSON format. This information includes the network settings of the container, such as the port bindings and exposed ports. The docker port command shows the public port(s) that are mapped to a private port inside the container. By using these two commands, you can identify the published port(s) for a container. References:
https://docs.docker.com/engine/reference/commandline/container_inspect/,
https://docs.docker.com/engine/reference/commandline/port/
質問 # 79
Following the principle of least privilege, which of the following methods can be used to securely grnt access to the specific user to communicate to a Docker engine? (Choose two.)
- A. Utilize the '--host 0.0.0.0:2375' option to the Docker daemon to listen on port 2375 over
TCP on all interfaces - B. Give the user root access to the server to allow them to run Docker commands as root.
- C. Add the user to the 'docker' group on the server or specify the grouè with the '--group' Docker daemon option.
- D. Utilize the '--host 127.0.0.1:2375' option to the Docker daemon to listen on port 2375 over
TCP on localhost - E. Utilize openssl to create TLS client and server certificates, configuring the Docker engine to
use with mutual TLS over TCP.
正解:C、E
質問 # 80
Seven managers are in a swarm cluster.
Is this how should they be distributed across three datacenters or availability zones?
Solution: 3-3-1
- A. No
- B. Yes
正解:A
解説:
Explanation
This is not how they should be distributed across three datacenters or availability zones, because having one manager in one datacenter or availability zone creates a single point of failure and reduces the fault tolerance of the swarm. According to the official documentation, managers should be distributed evenly across datacenters or availability zones to ensure that the swarm can survive the loss of any one datacenter or availability zone.
References: https://docs.docker.com/engine/swarm/admin_guide/#add-manager-nodes-for-fault-tolerance
質問 # 81
......
あなたを合格させるDocker Certified Associate DCA試験問題集で2023年11月04日には145問あります:https://jp.fast2test.com/DCA-premium-file.html
DCA無料試験学習ガイド!(更新された145問あります):https://drive.google.com/open?id=1AaQgnmGtCs0nDky4HVa-5ec3KHnhsiR1