EMT Practice Test

1. Question Content...


Question List

Question1: Will this command ensure that overlay traffic between service tasks is encrypted?
Solution: docker network create -d overlay -o encrypted=true <network-name>

Question2: Your organization has a centralized logging solution, such as Splunk.
Will this configure a Docker container to export container logs to the logging solution?
Solution.docker run -- log driver=splunk for every container at run time

Question3: Will this Linux kernel facility limit a Docker container's access to host resources, such as CPU or memory?
Solution.capabilities

Question4: Your organization has a centralized logging solution, such as Sptunk.
Will this configure a Docker container to export container logs to the logging solution?
Solution.docker system events- -filter splunk

Question5: Is this a type of Linux kernel namespace that provides container isolation?
Solution.Host

Question6: Two development teams in your organization use Kubernetes and want to deploy their applications while ensuring that Kubernetes-specific resources, such as secrets, are grouped together for each application.
Is this a way to accomplish this?
Solution. Create a collection for for each application.

Question7: A company's security policy specifies that development and production containers must run on separate nodes in a given Swarm cluster.
Can this be used to schedule containers to meet the security policy requirements?
Solution: node taints

Question8: A persistentVolumeClaim (PVC) is created with the specification storageClass: "", and size requirements that cannot be satisfied by any existing persistentVolume.
Is this an action Kubernetes takes in this situation?
Solution: The PVC remains unbound until a persistentVolume that matches all requirements of the PVC becomes available.

Question9: Does this describe the role of Control Groups (cgroups) when used with a Docker container?
Solution: isolation between resources used by containers

Question10: Is this a type of Linux kernel namespace that provides container isolation?
Solution.Process ID

Question11: Will this command display a list of volumes for a specific container?
Solution: 'docker container inspect nginx'

Question12: Seven managers are in a swarm cluster.
Is this how should they be distributed across three datacenters or availability zones?
Solution: 5-1-1

Question13: Will this command display a list of volumes for a specific container?
Solution:docker volume inspect nginx'

Question14: You configure a local Docker engine to enforce content trust by setting the environment variable DOCKER_CONTENT_TRUST=1.
If myorg/myimage: 1.0 is unsigned, does Docker block this command?
Solution: docker image inspect myorg/myimage: 1.0

Question15: Is this an advantage of multi-stage builds?
Solution: optimizes Images by copying artifacts selectively from previous stages

Question16: Will this action upgrade Docker Engine CE to Docker Engine EE?
Solution: Manually download the 'docker-ee' package

Question17: An application image runs in multiple environments, with each environment using different certificates and ports.
Is this a way to provision configuration to containers at runtime?
Solution: Create images that contain the specific configuration for every environment.

Question18: You want to create a container that is reachable from its host's network. Does this action accomplish this?
Solution:Use either EXPOSE or --publish to access the containers on the bridge network

Question19: In the context of a swarm mode cluster, does this describe a node?
Solution: an instance of the Docker engine participating in the swarm

Question20: You want to create a container that is reachable from its host's network. Does this action accomplish this?
Solution:Use network attach to access the containers on the bridge network

Question21: A users attempts to set the system time from inside a Docker container are unsuccessful. Could this be blocking this operation?
Solution: inter-process communication

Question22: A company's security policy specifies that development and production containers must run on separate nodes in a given Swarm cluster.
Can this be used to schedule containers to meet the security policy requirements?
Solution: label contraints

Question23: You configure a local Docker engine to enforce content trust by setting the environment variable DOCKER_CONTENT_TRUST=1.
If myorg/myimage: 1.0 is unsigned, does Docker block this command?
Solution: docker service create myorg/myimage:1.0

Question24: Does this command display all the pods in the cluster that are labeled as 'env: development'?
Solution: 'kubectl get pods --all-namespaces -label env=development'

Question25: Seven managers are in a swarm cluster.
Is this how should they be distributed across three datacenters or availability zones?
Solution: 4-2-1

Question26: The Kubernetes yaml shown below describes a networkPolicy.

Will the networkPolicy BLOCK this trafftc?
Solution. a request issued from a pod bearing the tier: backend label, to a podbearing the tier: frontend label

Question27: Will This command list all nodes in a swarm cluster from the command line?
Solution. 'docker swarm nodes'

Question28: Does this describe the role of Control Groups (cgroups) when used with a Docker container?
Solution: user authorization to the Docker API

Question29: Will a DTR security scan detect this?
Solution.private keys copied to the image

Question30: Is this a Linux kernel namespace that is disabled by default and must be enabled at Docker engine runtime to be used?
Solution: user

Question31: Will this Linux kernel facility limit a Docker container's access to host resources, such as CPU or memory?
Solution: cgroups

Question32: Which networking drivers allow you to enable multi-host network connectivity between containers?

Question33: The Kubernetes yaml shown below describes a networkPolicy.

Will the networkPolicy BLOCK this traffic?
Solution: a request issued from a pod bearing the tier: backend label, to a pod bearing the tier: frontend label

Question34: Two development teams in your organization use Kubernetes and want to deploy their applications while ensuring that Kubernetes-specific resources, such as secrets, are grouped together for each application.
Is this a way to accomplish this?
Solution: Add all the resources to the default namespace.

Question35: Will this sequence of steps completely delete an image from disk in the Docker Trusted Registry?
Solution: Delete the image and run garbage collection on the Docker Trusted Registry.

Question36: Does this command display all the pods in the cluster that are labeled as 'env: development'?
Solution: 'kubectl get pods -I env=development'

Question37: Which docker run` flag lifts cgroup limitations?

Question38: During development of an application meant to be orchestrated by Kubemetes, you want to mount the /data directory on your laptop into a container.
Will this strategy successfully accomplish this?
Solution. Create a Persistent VolumeClaim requesting storageClass:"" (which defaults to local storage) and hostPath: /data, and use this to populate a volume in a pod.

Question39: Will this command ensure that overlay traffic between service tasks is encrypted?
Solution.docker network create -d overlay --secure <network-name>

Question40: Is this a function of UCP?
Solution: scans images to detect any security vulnerability

Question41: You created a new service named 'http' and discover it is not registering as healthy. Will this command enable you to view the list of historical tasks for this service?
Solution:'docker service ps http'

Question42: Is this the purpose of Docker Content Trust?
Solution: Enable mutual TLS between the Docker client and server.

Question43: Does this command create a swarm service that only listens on port 53 using the UDP protocol?
Solution. 'docker service create -name dns-cache -p 53:53 -udp dns-cache'

Question44: Does this describe the role of Control Groups (cgroups) when used with a Docker container?
Solution: accounting and limiting of resources

Question45: Is this a way to configure the Docker engine to use a registry without a trusted TLS certificate?
Solution. Set INSECURE_REGISTRY in the' /etc/docker/default' configuration file.

Question46: You add a new user to the engineering organization in DTR.
Will this action grant them read/write access to the engineering/api repository?
Solution. Mirror the engineering/api repository to one of the user's own private repositories.

Question47: The following Docker Compose file is deployed as a stack:

Is this statement correct about this health check definition?
Solution.Health checks lest for app health ten seconds apart. Three failed health checks transition the container into "unhealthy" status.

Question48: You want to mount external storage to a particular filesystem path in a container in a Kubernetes pod.
What is the correct set of objects to use for this?

Question49: Is this an advantage of multi-stage builds?
Solution: simultaneously creates and tags multiple images

Question50: Is this a type of Linux kernel namespace that provides container isolation?
Solution: Authentication

Question51: One of several containers in a pod is marked as unhealthy after failing its livenessProbe many times. Is this the action taken by the orchestrator to fix the unhealthy container?
Solution: The controller managing the pod is autoscaled back to delete the unhealthy pod and alleviate load.

Question52: Is this the purpose of Docker Content Trust?
Solution: Verify and encrypt Docker registry TLS.

Question53: Are these conditions sufficient for Kubernetes to dynamically provision a persistentVolume, assuming there are no limitations on the amount and type of available external storage?
Solution: A default provisioner is specified, and subsequently a persistentVolumeClaim is created.

Question54: You add a new user to the engineering organization in DTR.
Will this action grant them read/write access to the engineering/api repository?
Solution: Add the user directly to the list of users with read/write access under the repository's Permissions tab.

Question55: Will this command list all nodes in a swarm cluster from the command line?
Solution. 'docker inspect nodes

Question56: Is this the purpose of Docker Content Trust?
Solution.Indicate an image on Docker Hub is an official image.

Question57: The Kubernetes yaml shown below describes a networkPolicy.

Will the networkPolicy BLOCK this traffic?
Solution: a request issued from a pod lacking the tier: api label, to a pod bearing the tier: backend label

Question58: Your organization has a centralized logging solution, such as Splunk.
Will this configure a Docker container to export container logs to the logging solution?
Solution.Set the log-driver-and log-opt keys to values for the logging solution (Splunk) in the daemon.json file.

Question59: A company's security policy specifies that development and production containers must run on separate nodes in a given Swarm cluster. Can this be used to schedule containers to meet the security policy requirements?
Solution.environment variables

Question60: The following Docker Compose file is deployed as a stack:

Is this statement correct about this health check definition?
Solution: Health checks test for app health ten seconds apart. Three failed health checks transition the container into "unhealthy" status.

Question61: Does this command display all the pods in the cluster that are labeled as env; development'?
Solution. 'kubectl gel pods --all-namespaces -I 'env in (development)''

Question62: Will this action upgrade Docker Engine CE to Docker Engine EE?
Solution.Run docker engine activate.

Question63: Are these conditions sufficient for Kubernetes to dynamically provision a persistentVolume, assuming there are no limitations on the amount and type of available external storage?
Solution: A default storageClass is specified, and subsequently a persistentVolumeClaim is created.

Question64: In Docker Trusted Registry, is this how a user can prevent an image, such as 'nginx:latest', from being overwritten by another user with push access to the repository?
Solution: Tag the image with 'nginx:immutable'.

Question65: Your organization has a centralized logging solution, such as Splunk.
Will this configure a Docker container to export container logs to the logging solution?
Solution.docker logs <eontainer-id>

Question66: Will this action upgrade Docker Engine CE to Docker Engine EE?
Solution: Delete '/var/lib/docker' directory.

Question67: You add a new user to the engineering organization in DTR.
Will this action grant them read/write access to the engineering/api repository?
Solution: Add them to a team in the engineering organization that has read/write access to the engineering/api repository.

Question68: A company's security policy specifies that development and production containers must run on separate nodes in a given Swarm cluster. Can this be used to schedule containers to meet the security policy requirements?
Solution.label constraints

Question69: Will this command mount the host's '/data' directory to the ubuntu container in read-only mode?
Solution: 'docker run --add-volume /data /mydata -read-only ubuntu'

Question70: Will this Linux kernel facility limit a Docker container's access to host resources, such as CPU or memory?
Solution: namespaces

Question71: Will this sequence of steps completely delete an image from disk in the Docker Trusted Registry?
Solution.Delete the image and remove permissions to the repository in the Docker Trusted Registry.

Question72: Seven managers are in a swarm cluster.
Is this how should they be distributed across three datacenters or availability zones?
Solution: 3-2-2