Which of the following Dockerfile commands cannot be overridden at runtime?
A. VOLUME
B. USER
C. ADD
D. CMD
Correct Answer: C
When a developer builds an image from a Dockerfile or when she commits it, the developer can set a number of default parameters that take effect when the image starts up as a container. Four of the Dockerfile commands cannot be overridden at runtime: FROM, MAINTAINER, RUN, and ADD. Everything else has a corresponding override in docker run. We'll go through what the developer might have set in each Dockerfile instruction and how the operator can override that setting.
What needs to be done in order to remotely access a Docker daemon running on Linux?
A. add certificate authentication to the docker API
B. change the encryption level to TLS
C. enable the TCP socket
D. bind the Docker API to a unix socket
Correct Answer: C
The Docker daemon can listen for Docker Remote API requests via three different types of Socket: unix, tcp, and fd. By default, a unix domain socket (or IPC socket) is created at /var/run/docker.sock, requiring either root permission, or docker group membership. If you need to access the Docker daemon remotely, you need to enable the tcp Socket. Beware that the default setup provides unencrypted and un-authenticated direct access to the Docker daemon - and should be secured either using the built in HTTPS encrypted socket or by putting a secure web proxy in front of it.
On which local address does the Docker DNS server listen?
A. 127.0.0.1
B. 127.0.0.111
C. 127.0.0.254
D. 127.0.0.11
Correct Answer: D
Note: If you need access to a host's localhost resolver, you must modify your DNS service on the host to listen on a non-localhost address that is reachable from within the container. Note: The DNS server is always at 127.0.0.11.
What are the default memory limit policies for a Docker container?
A. Limited memory, limited kernel memory
B. Unlimited memory, limited kernel memory
C. Limited memory, unlimited kernel memory
D. Unlimited memory, unlimited kernel memory
Correct Answer: D
Kernel memory limits are expressed in terms of the overall memory allocated to a container. Consider the following scenarios: Unlimited memory, unlimited kernel memory: This is the default behavior. Unlimited memory, limited kernel memory: This is appropriate when the amount of memory needed by all cgroups is greater than the amount of memory that actually exists on the host machine. You can configure the kernel memory to never go over what is available on the host machine, and containers which need more memory need to wait for it. Limited memory, umlimited kernel memory: The overall memory is limited, but the kernel memory is not. Limited memory, limited kernel memory: Limiting both user and kernel memory can be useful for debugging memory-related problems. If a container is using an unexpected amount of either type of memory, it will run out of memory without affecting other containers or the host machine. Within this setting, if the kernel memory limit is lower than the user memory limit, running out of kernel memory will cause the container to experience an OOM error. If the kernel memory limit is higher than the user memory limit, the kernel limit will not cause the container to experience an OOM.
In which Docker Swarm model does the swarm manager distribute a specific number of replica tasks among the nodes based upon the scale you set in the desired state?
A. distributed services
B. scaled services
C. replicated services
D. global services
Correct Answer: C
A service is the definition of the tasks to execute on the worker nodes. It is the central structure of the swarm system and the primary root of user interaction with the swarm. When you create a service, you specify which container image to use and which commands to execute inside running containers. In the replicated services model, the swarm manager distributes a specific number of replica tasks among the nodes based upon the scale you set in the desired state. For global services, the swarm runs one task for the service on every available node in the cluster. A task carries a Docker container and the commands to run inside the container. It is the atomic scheduling unit of swarm. Manager nodes assign tasks to worker nodes according to the number of replicas set in the service scale. Once a task is assigned to a node, it cannot move to another node. It can only run on the assigned node or fail.
You are building a Docker image with the following Dockerfile. How many layers will the resulting image have?
FROM scratch CMD /app/hello.sh
A. 2
B. 4
C. 1
D. 3
Correct Answer: C
As described in the link: https://docs.docker.com/storage/storagedriver/, the DockerFile contain only one command which runs on the container layer. The container layer is a Read/Write layer. The CMD instruction specifies what command to run within the container, which only modifies the image's metadata, which does not produce an image layer. So, there is only one layer i.e. the container layer.
Question 367:
What storage driver does Docker generally recommend that you use if it is available?
A. zfs
B. btrfs
C. aufs
D. overlay
Correct Answer: C
After you have read the storage driver overview, the next step is to choose the best storage driver for your workloads. In making this decision, there are three high-level factors to consider: If multiple storage drivers are supported in your kernel, Docker has a prioritized list of which storage driver to use if no storage driver is explicitly configured, assuming that the prerequisites for that storage driver are met: If aufs is available, default to it, because it is the oldest storage driver. However, it is not universally available.
What is the purpose of a Docker swarm worker node?
A. scheduling services
B. service swarm node HTTP API endpoints
C. executing containers
D. maintaining cluster state
Correct Answer: C
Manager nodes handle cluster management tasks: maintaining cluster state scheduling services serving swarm mode HTTP API endpoints Worker nodes Worker nodes are also instances of Docker Engine whose sole purpose is to execute containers. Worker nodes don't participate in the Raft distributed state, make scheduling decisions, or serve the swarm mode HTTP API.
Which answer is the proper syntax for specifying two target hosts on the command line when running an Ansible Playbook?
A. ansible-playbook -h host1.example.com -i all playbook.yml
B. ansible-playbook -i host1.example.com playbook.yml
C. ansible-playbook -h host1.example.com,host2.example.com playbook.yml
D. ansible-playbook -i host1.example.com,host2.example.com playbook.yml
Correct Answer: D
Ansible uses the `-i' flag for accepting an inventory file or host. To allow Ansible to determine if you are passing a host list versus an inventory file the list must be comma separated. If a single host is specified, a trailing comma must be present.
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Amazon exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your DOP-C02 exam preparations and Amazon certification application, do not hesitate to visit our Vcedump.com to find your solutions here.