Amazon
Avaya
Checkpoint
Cisco®
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL®
Juniper
Microsoft
Okta
Palo Alto Networks
Salesforce
All Vendors
  1. Home
  2. Docker
  3. DCA

Docker DCA Exam (page: 5)
Docker Certified Associate
Updated on: 02-Jan-2026

Viewing Page 5 of 38
DCA PDF 191 Questions

One of several containers in a pod is marked as unhealthy after failing its livenessProbe many times. Is this the action taken by the orchestrator to fix the unhealthy container?

Solution: The controller managing the pod is autoscaled back to delete the unhealthy pod and alleviate load.

  1. Yes
  2. No

Answer(s): B

Explanation:

: = The livenessProbe is a mechanism that checks if the container is alive and healthy, and restarts it if it fails. The orchestrator is the component that manages the deployment and scaling of containers across a cluster of nodes. The action taken by the orchestrator to fix the unhealthy container is not to autoscale back and delete the pod, but to recreate the pod on the same or a different node. This ensures that the desired number of replicas for the pod is maintained, and that the pod can resume its normal operation. Autoscaling back and deleting the pod would reduce the availability and performance of the service, and would not necessarily alleviate the load.


Reference:

Configure Liveness, Readiness and Startup Probes | Kubernetes

What is a Container Orchestrator? | Docker

Pod Lifecycle | Kubernetes

I hope this helps you understand the concept of livenessProbe and orchestrator, and how they work with Docker and Kubernetes. If you have any other questions related to Docker, please feel free to ask me.



You configure a local Docker engine to enforce content trust by setting the environment variable

DOCKER_CONTENT_TRUST=1.

If myorg/myimage: 1.0 is unsigned, does Docker block this command?

Solution: docker image import <tarball> myorg/myimage:1.0

  1. Yes
  2. No

Answer(s): A

Explanation:

Docker Content Trust (DCT) is a feature that allows users to verify the integrity and publisher of container images they pull or deploy from a registry server, signed on a Notary server. DCT is enabled by setting the environment variable DOCKER_CONTENT_TRUST=1 on the Docker client.
When DCT is enabled, the Docker client will only pull, run, or build images that have valid signatures for a specific tag. However, DCT does not apply to the docker image import command, which allows users to import an image or a tarball with a repository and tag from a file or STDIN3. Therefore, if myorg/myimage:1.0 is unsigned, Docker will not block the docker image import <tarball> myorg/myimage:1.0 command, even if DCT is enabled. This is because the docker image import command does not interact with a registry or a Notary server, and thus does not perform any signature verification. However, this also means that the imported image will not have any trust data associated with it, and it will not be possible to push it to a registry with DCT enabled, unless it is signed with a valid key.


Reference:

Content trust in Docker

Automation with content trust

[docker image import]

[Content trust and image tags]



You configure a local Docker engine to enforce content trust by setting the environment variable

DOCKER_CONTENT_TRUST=1.

If myorg/myimage: 1.0 is unsigned, does Docker block this command?

Solution: docker service create myorg/myimage:1.0

  1. Yes
  2. No

Answer(s): A

Explanation:

When content trust is enabled, Docker blocks any command that operates on unsigned images, such as docker service create. This is because Docker Content Trust (DCT) allows users to verify the integrity and publisher of specific image tags, using digital signatures stored on a Notary server. If an image tag is not signed, or the signature cannot be verified, Docker will refuse to pull, run, or build with that image. Therefore, if myorg/myimage:1.0 is unsigned, Docker will block the command docker service create myorg/myimage:1.0 and display an error message.


Reference:

Content trust in Docker

Docker Content Trust: What It Is and How It Secures Container Images

Automation with content trust



Can this set of commands identify the published port(s) for a container?

Solution: docker container inspect', 'docker port'

  1. Yes
  2. No

Answer(s): A

Explanation:

The set of commands docker container inspect and docker port can identify the published port(s) for a container. The docker container inspect command returns low-level information about a container, including its network settings and port bindings. The docker port command lists port mappings or a specific mapping for the container. Both commands can show which host port is mapped to which container port, and the protocol used. For example, docker container inspect -f '{{.NetworkSettings.Ports}}' container_name will show the port bindings for the container_name. Similarly, docker port container_name will show the port mappings for the container_name.


Reference:

docker container inspect docker port

How to Expose and Publish Ports in Docker

[How to obtain the published ports from within a docker container?]



You add a new user to the engineering organization in DTR.

Will this action grant them read/write access to the engineering/api repository?

Solution: Add the user directly to the list of users with read/write access under the repository's Permissions tab.

  1. Yes
  2. No

Answer(s): B

Explanation:

Adding a new user to the engineering organization in DTR will not automatically grant them read/write access to the engineering/api repository. This is because the repository permissions are not inherited from the organization level, but are configured separately for each repository. Therefore, to grant read/write access to the new user, you need to add them directly to the list of users with read/write access under the repository's Permissions tab.


Reference:

Docker Trusted Registry - Manage access to repositories

Docker Certified Associate (DCA) Study Guide - Domain 3: Image Creation, Management, and Registry

: https://docs.docker.com/ee/dtr/user/manage-repos/#manage-access-to-repositories

: https://success.docker.com/certification/study-guides/dca-study-guide#domain-3-image-creation- management-and-registry-20-of-exam



Viewing Page 5 of 38



Share your comments for Docker DCA exam with other users:

Merry 7/30/2023 6:57:00 AM

good questions
Anonymous


VoiceofMidnight 12/17/2023 4:07:00 PM

Delayed the exam until December 29th.
UNITED STATES


Umar Ali 8/29/2023 2:59:00 PM

A and D are True
Anonymous


vel 8/28/2023 9:17:09 AM

good one with explanation
Anonymous


Gurdeep 1/18/2024 4:00:15 PM

This is one of the most useful study guides I have ever used.
CANADA