Get Docker DCA Exam Practice Questions - Real and Updated

Answer : B

= The commanddocker logs <container-id>will not configure a Docker container to export container logs to the logging solution, such as Splunk.This command only displays the logs of a specific container in the standard output or a file, but does not send them to any external system1.To export container logs to Splunk, you need to use the Docker Logger Drivers, which are plugins that provide logging capabilities for Docker containers2.The Splunk logging driver sends container logs to HTTP Event Collector in Splunk Enterprise and Splunk Cloud3.To use the Splunk logging driver for a specific container, you need to use the command-line flags--log-driverand--log-optwithdocker run, and provide the Splunk token and URL as options3. For example:

$ docker run --log-driver=splunk --log-opt splunk-token=VALUE --log-opt splunk-url=VALUE ...

:

docker logs | Docker Documentation

Logging drivers | Docker Documentation

Splunk logging driver | Docker Documentation

Answer : B

= The commanddocker service create --network --securewill not ensure that overlay traffic between service tasks is encrypted.This is because the--secureoption is not a valid option for thedocker service createcommand1.To ensure that overlay traffic between service tasks is encrypted, you need to use the--opt encryptedoption when creating the overlay network with thedocker network createcommand2. For example, to create an encrypted overlay network namedmy-net, you can use the following command:

docker network create --driver overlay --opt encrypted my-net

Then, you can use the--network my-netoption when creating the service with thedocker service createcommand3. For example, to create a service namedmy-serviceusing thenginximage and themy-netnetwork, you can use the following command:

docker service create --name my-service --network my-net nginx

:

docker service create | Docker Docs

Use overlay networks | Docker Docs

Create a service | Docker Docs

Answer : B

Image role-based access control isnota function of UCP. UCP has its own built-in authentication mechanism and integrates with LDAP services.It also has role-based access control (RBAC), so that you can control who can access and make changes to your cluster and applications1.However, image role-based access control is a feature of Docker Trusted Registry (DTR), which integrates with UCP and allows you to manage the images you use for your applications2.DTR lets you define granular permissions for images, such as who can push, pull, delete, or scan them3.Reference:Universal Control Plane overview), Docker Trusted Registry overview),Docker Access Control)

Answer : B

Answer : B

The solution will not work because a hostPath volume mounts a file or directory from the host node's filesystem into the pod, not from the laptop1. The host node is the VM or machine where the pod is scheduled to run, not the machine where the kubectl commands are executed. Therefore, the /data directory on the laptop will not be accessible to the pod unless it is also present on the host node.A better solution would be to use a persistent volume that can be accessed from any node in the cluster, such as NFS, AWS EBS, or Azure Disk2.Reference:

1: Volumes | Kubernetes

2: Persistent Volumes | Kubernetes