Weekend Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: buysanta

Exact2Pass Menu

Question # 4

A users attempts to set the system time from inside a Docker container are unsuccessful. Could this be blocking this operation?

Solution: Linux capabilities

A.

Yes

B.

No

Full Access
Question # 5

The Kubernetes yaml shown below describes a clusterIP service.

Is this a correct statement about how this service routes requests?

Solution: Traffic sent to the IP of this service on port 80 will be routed to port 8080 in a random pod with the label app:

nginx.

A.

Yes

B.

No

Full Access
Question # 6

Does this describe the role of Control Groups (cgroups) when used with a Docker container?

Solution: isolation between resources used by containers

A.

Yes

B.

No

Full Access
Question # 7

Which docker run` flag lifts cgroup limitations?

A.

`docker run -privileged

B.

`docker run -cpu-period

C.

`docker run -isolation

D.

`docker run -cap-drop

Full Access
Question # 8

Two development teams in your organization use Kubernetes and want to deploy their applications while ensuring that Kubernetes-specific resources, such as secrets, are grouped together for each application.

Is this a way to accomplish this?

Solution: Create one pod and add all the resources needed for each application

A.

Yes

B.

No

Full Access
Question # 9

Is this a Linux kernel namespace that is disabled by default and must be enabled at Docker engine runtime to be used?

Solution: user

A.

Yes

B.

No

Full Access
Question # 10

During development of an application meant to be orchestrated by Kubernetes, you want to mount the /data directory on your laptop into a container.

Will this strategy successfully accomplish this?

Solution: Add a volume to the pod that sets hostPath.path: /data, and then mount this volume into the pod's containers as desired.

A.

Yes

B.

No

Full Access
Question # 11

Is this a type of Linux kernel namespace that provides container isolation?

Solution: Authentication

A.

Yes

B.

No

Full Access
Question # 12

Are these conditions sufficient for Kubernetes to dynamically provision a persistentVolume, assuming there are no limitations on the amount and type of available external storage?

Solution: A default storageClass is specified, and subsequently a persistentVolumeClaim is created.

A.

Yes

B.

No

Full Access
Question # 13

Will this action upgrade Docker Engine CE to Docker Engine EE?

Solution: Manually download the 'docker-ee' package

A.

Yes

B.

No

Full Access
Question # 14

Is this statement correct?

Solution.A Dockerfile stores persistent data between deployments of a container

A.

Yes

B.

No

Full Access
Question # 15

You configure a local Docker engine to enforce content trust by setting the environment variable DOCKER_C0NTENT_TRUST=l. If myorg/myimage: 1.0 is unsigned, does Docker block this command?

Solution.docker image build, from a Dockeflle that begins FROM myorg/myimage: l1.0

A.

Yes

B.

No

Full Access
Question # 16

You configure a local Docker engine to enforce content trust by setting the environment variable

DOCKER_CONTENT_TRUST=1.

If myorg/myimage: 1.0 is unsigned, does Docker block this command?

Solution: docker service create myorg/myimage:1.0

A.

Yes

B.

No

Full Access
Question # 17

You created a new service named 'http' and discover it is not registering as healthy. Will this command enable you to view the list of historical tasks for this service?

Solution: 'docker service inspect http'

A.

Yes

B.

No

Full Access
Question # 18

Does this command display all the pods in the cluster that are labeled as 'env: development'?

Solution: 'kubectl get pods --all-namespaces -label env=development'

A.

Yes

B.

No

Full Access
Question # 19

Your organization has a centralized logging solution, such as Splunk.

Will this configure a Docker container to export container logs to the logging solution?

Solution: docker system events --filter splunk

A.

Yes

B.

No

Full Access
Question # 20

Your organization has a centralized logging solution, such as Sptunk.

Will this configure a Docker container to export container logs to the logging solution?

Solution.docker system events- -filter splunk

A.

Yes

B.

No

Full Access
Question # 21

You want to provide a configuration file to a container at runtime. Does this set of Kubernetes tools and steps accomplish this?

Solution: Turn the configuration file into a configMap object, use it to populate a volume associated with the pod, and mount that file from the volume to the appropriate container and path.

A.

Yes

B.

No

Full Access
Question # 22

Does this command create a swarm service that only listens on port 53 using the UDP protocol?

Solution. ‘docker service create -name dns-cache -p 53:53 -udp dns-cache’

A.

Yes

B.

No

Full Access
Question # 23

Can this set of commands identify the published port(s) for a container?

Solution. ‘docker port inspect", docker container inspect"

A.

Yes

B.

No

Full Access
Question # 24

Is this a way to configure the Docker engine to use a registry without a trusted TLS certificate?

Solution: Set IGNORE_TLS in the 'daemon.json' configuration file.

A.

Yes

B.

No

Full Access
Question # 25

Two development teams in your organization use Kubernetes and want to deploy their applications while ensuring that Kubernetes-specific resources, such as secrets, are grouped together for each application.

Is this a way to accomplish this?

Solution: Create one namespace for each application and add all the resources to it.

A.

Yes

B.

No

Full Access
Question # 26

You set up an automatic pruning policy on a DTR repository to prune all images using Apache licenses.

What effect does this have on images in this repository?

A.

Matching images are untagged during the next prune job.

B.

Matching images are deleted during the next prune job.

C.

Matching images are untagged once they are older than the pruning threshold set in the repository's Settings tab.

D.

Matching images are untagged during the next prune job, and subsequently deleted once they are older than the pruning threshold set in the repository's Settings tab.

Full Access
Question # 27

Which statement is correct about cluster management in Docker Enterprise Edition 3.x?

A.

Clusters can contain Linux only.

B.

Clusters can contain Linux, Windows Server 2016 and 2019, and Linux on IBM z Systems.

C.

Clusters can contain Windows 10 and Windows Server 2016 only.

D.

Clusters can contain Linux and Windows Server 2008 R2 only.

Full Access
Question # 28

Can this set of commands identify the published port(s) for a container?

Solution: `docker network inspect', `docker port'

A.

Yes

B.

No

Full Access
Question # 29

Is this the purpose of Docker Content Trust?

Solution.Sign and verify image tags.

A.

Yes

B.

No

Full Access
Question # 30

You want to create a container that is reachable from its host's network. Does this action accomplish this?

Solution: Use --link to access the container on the bridge network.

A.

Yes

B.

No

Full Access
Question # 31

Is this a way to configure the Docker engine to use a registry without a trusted TLS certificate?

Solution. Set and export the IGNORE_TLS environment variable on the command line.

A.

Yes

B.

No

Full Access
Question # 32

In Docker Trusted Registry, is this how a user can prevent an image, such as 'nginx:latest’, from being overwritten by another user with push access to the repository?

Solution: Tag the image with 'nginx:immutable'.

A.

Yes

B.

No

Full Access
Question # 33

Will this command display a list of volumes for a specific container?

Solution: 'docker container inspect nginx'

A.

Yes

B.

No

Full Access
Question # 34

Will this command ensure that overlay traffic between service tasks is encrypted?

Solution:docker service create --network --secure

A.

Yes

B.

No

Full Access
Question # 35

Will this Linux kernel facility limit a Docker container's access to host resources, such as CPU or memory?

Solution: cgroups

A.

Yes

B.

No

Full Access
Question # 36

The Kubernetes yaml shown below describes a networkPolicy.

Will the networkPolicy BLOCK this traffic?

Solution: a request issued from a pod bearing the tier: backend label, to a pod bearing the tier: frontend label

A.

Yes

B.

No

Full Access
Question # 37

Will this command list all nodes in a swarm cluster from the command line?

Solution: ‘docker Is -a’

A.

Yes

B.

No

Full Access
Question # 38

When an application being managed by UCP fails, you would like a summary of all requests made to the UCP API in the hours leading up to the failure.

What must be configured correctly beforehand for this to be possible?

A.

All engines in the cluster must have their log driver set to the 'metadata' or 'request' level.

B.

UCP logging levels must be set to the info' or debug' level.

C.

UCP audit logs must be set to the 'metadata' or 'request' level.

D.

Set the logging level in the config object for the ucp-kube-epi-server container to warning or higher

Full Access
Question # 39

The Kubernetes yaml shown below describes a networkPolicy.

Will the networkPolicy BLOCK this trafftc?

Solution. a request issued from a pod bearing the tier: backend label, to a podbearing the tier: frontend label

A.

Yes

B.

No

Full Access
Question # 40

Is this a way to configure the Docker engine to use a registry without a trusted TLS certificate?

Solution: List insecure registries in the 'daemon.json configuration file under the \insecure-registries' key.

A.

Yes

B.

No

Full Access
Question # 41

Is this a supported user authentication method for Universal Control Plane?

Solution.SAML

A.

Yes

B.

No

Full Access
Question # 42

Your organization has a centralized logging solution, such as Splunk.

Will this configure a Docker container to export container logs to the logging solution?

Solution.docker logs

A.

Yes

B.

No

Full Access
Question # 43

You created a new service named 'http' and discover it is not registering as healthy. Will this command enable you to view the list of historical tasks for this service?

Solution: 'docker ps http'

A.

Yes

B.

No

Full Access
Question # 44

You created a new service named 'http' and discover it is not registering as healthy. Will this command enable you to view the list of historical tasks for this service?

Solution:'docker inspect http'

A.

Yes

B.

No

Full Access
Question # 45

Is this a function of UCP?

Solution: image role-based access control

A.

Yes

B.

No

Full Access
Question # 46

Is this an advantage of multi-stage builds?

Solution.better logical separation of Dockerfile instructions for increased readability

A.

Yes

B.

No

Full Access
Question # 47

You want to provide a configuration file to a container at runtime. Does this set of Kubernetes tools and steps accomplish this?

Solution: Mount the configuration file directly into the appropriate pod and container using the .spec.containers.configMounts key.

A.

Yes

B.

No

Full Access
Question # 48

Will this command display a list of volumes for a specific container?

Solution. ‘docker container inspect nginx’

A.

Yes

B.

No

Full Access
Question # 49

You are running only Kubernetes workloads on a worker node that requires

maintenance, such as installing patches or an OS upgrade.

Which command must be run on the node to gracefully terminate all pods on

the node, while marking the node as unschedulable?

A.

`docker swarm leave'

B.

`docker node update -availability drain

C.

`kubectl drain '

D.

`kubectl cordon

Full Access