A users attempts to set the system time from inside a Docker container are unsuccessful. Could this be blocking this operation?
Solution: Linux capabilities
The Kubernetes yaml shown below describes a clusterIP service.
Is this a correct statement about how this service routes requests?
Solution: Traffic sent to the IP of this service on port 80 will be routed to port 8080 in a random pod with the label app:
nginx.
Does this describe the role of Control Groups (cgroups) when used with a Docker container?
Solution: isolation between resources used by containers
Two development teams in your organization use Kubernetes and want to deploy their applications while ensuring that Kubernetes-specific resources, such as secrets, are grouped together for each application.
Is this a way to accomplish this?
Solution: Create one pod and add all the resources needed for each application
Is this a Linux kernel namespace that is disabled by default and must be enabled at Docker engine runtime to be used?
Solution: user
During development of an application meant to be orchestrated by Kubernetes, you want to mount the /data directory on your laptop into a container.
Will this strategy successfully accomplish this?
Solution: Add a volume to the pod that sets hostPath.path: /data, and then mount this volume into the pod's containers as desired.
Is this a type of Linux kernel namespace that provides container isolation?
Solution: Authentication
Are these conditions sufficient for Kubernetes to dynamically provision a persistentVolume, assuming there are no limitations on the amount and type of available external storage?
Solution: A default storageClass is specified, and subsequently a persistentVolumeClaim is created.
Will this action upgrade Docker Engine CE to Docker Engine EE?
Solution: Manually download the 'docker-ee' package
Is this statement correct?
Solution.A Dockerfile stores persistent data between deployments of a container
You configure a local Docker engine to enforce content trust by setting the environment variable DOCKER_C0NTENT_TRUST=l. If myorg/myimage: 1.0 is unsigned, does Docker block this command?
Solution.docker image build, from a Dockeflle that begins FROM myorg/myimage: l1.0
You configure a local Docker engine to enforce content trust by setting the environment variable
DOCKER_CONTENT_TRUST=1.
If myorg/myimage: 1.0 is unsigned, does Docker block this command?
Solution: docker service create myorg/myimage:1.0
You created a new service named 'http' and discover it is not registering as healthy. Will this command enable you to view the list of historical tasks for this service?
Solution: 'docker service inspect http'
Does this command display all the pods in the cluster that are labeled as 'env: development'?
Solution: 'kubectl get pods --all-namespaces -label env=development'
Your organization has a centralized logging solution, such as Splunk.
Will this configure a Docker container to export container logs to the logging solution?
Solution: docker system events --filter splunk
Your organization has a centralized logging solution, such as Sptunk.
Will this configure a Docker container to export container logs to the logging solution?
Solution.docker system events- -filter splunk
You want to provide a configuration file to a container at runtime. Does this set of Kubernetes tools and steps accomplish this?
Solution: Turn the configuration file into a configMap object, use it to populate a volume associated with the pod, and mount that file from the volume to the appropriate container and path.
Does this command create a swarm service that only listens on port 53 using the UDP protocol?
Solution. ‘docker service create -name dns-cache -p 53:53 -udp dns-cache’
Can this set of commands identify the published port(s) for a container?
Solution. ‘docker port inspect", docker container inspect"
Is this a way to configure the Docker engine to use a registry without a trusted TLS certificate?
Solution: Set IGNORE_TLS in the 'daemon.json' configuration file.
Two development teams in your organization use Kubernetes and want to deploy their applications while ensuring that Kubernetes-specific resources, such as secrets, are grouped together for each application.
Is this a way to accomplish this?
Solution: Create one namespace for each application and add all the resources to it.
You set up an automatic pruning policy on a DTR repository to prune all images using Apache licenses.
What effect does this have on images in this repository?
Which statement is correct about cluster management in Docker Enterprise Edition 3.x?
Can this set of commands identify the published port(s) for a container?
Solution: `docker network inspect', `docker port'
Is this the purpose of Docker Content Trust?
Solution.Sign and verify image tags.
You want to create a container that is reachable from its host's network. Does this action accomplish this?
Solution: Use --link to access the container on the bridge network.
Is this a way to configure the Docker engine to use a registry without a trusted TLS certificate?
Solution. Set and export the IGNORE_TLS environment variable on the command line.
In Docker Trusted Registry, is this how a user can prevent an image, such as 'nginx:latest’, from being overwritten by another user with push access to the repository?
Solution: Tag the image with 'nginx:immutable'.
Will this command display a list of volumes for a specific container?
Solution: 'docker container inspect nginx'
Will this command ensure that overlay traffic between service tasks is encrypted?
Solution:docker service create --network --secure
Will this Linux kernel facility limit a Docker container's access to host resources, such as CPU or memory?
Solution: cgroups
The Kubernetes yaml shown below describes a networkPolicy.
Will the networkPolicy BLOCK this traffic?
Solution: a request issued from a pod bearing the tier: backend label, to a pod bearing the tier: frontend label
Will this command list all nodes in a swarm cluster from the command line?
Solution: ‘docker Is -a’
When an application being managed by UCP fails, you would like a summary of all requests made to the UCP API in the hours leading up to the failure.
What must be configured correctly beforehand for this to be possible?
The Kubernetes yaml shown below describes a networkPolicy.
Will the networkPolicy BLOCK this trafftc?
Solution. a request issued from a pod bearing the tier: backend label, to a podbearing the tier: frontend label
Is this a way to configure the Docker engine to use a registry without a trusted TLS certificate?
Solution: List insecure registries in the 'daemon.json configuration file under the \insecure-registries' key.
Is this a supported user authentication method for Universal Control Plane?
Solution.SAML
Your organization has a centralized logging solution, such as Splunk.
Will this configure a Docker container to export container logs to the logging solution?
Solution.docker logs
You created a new service named 'http' and discover it is not registering as healthy. Will this command enable you to view the list of historical tasks for this service?
Solution: 'docker ps http'
You created a new service named 'http' and discover it is not registering as healthy. Will this command enable you to view the list of historical tasks for this service?
Solution:'docker inspect http'
Is this an advantage of multi-stage builds?
Solution.better logical separation of Dockerfile instructions for increased readability
You want to provide a configuration file to a container at runtime. Does this set of Kubernetes tools and steps accomplish this?
Solution: Mount the configuration file directly into the appropriate pod and container using the .spec.containers.configMounts key.
Will this command display a list of volumes for a specific container?
Solution. ‘docker container inspect nginx’
You are running only Kubernetes workloads on a worker node that requires
maintenance, such as installing patches or an OS upgrade.
Which command must be run on the node to gracefully terminate all pods on
the node, while marking the node as unschedulable?