Docker DCA Practice Test - Questions Answers, Page 14

To configure a Docker container to export container logs to a logging solution such as Splunk, you need to set the log-driver and log-opt keys to values for the logging solution in the daemon.json file.This will enable the Splunk logging driver, which sends container logs to HTTP Event Collector in Splunk Enterprise and Splunk Cloud1.You can also use the command-line flags --log-driver and --log-opt with docker run to use the Splunk driver for a specific container1.Reference:

Splunk logging driver | Docker Docs

Collecting docker logs and stats with Splunk | Splunk

How to send Docker containers logs to Splunk?

Splunk Logging Driver for Docker | Splunk

The commanddocker inspect nodeswill not list all nodes in a swarm cluster from the command line.This is becausedocker inspectrequires one or more names or IDs of the objects to inspect1.To list all nodes in a swarm cluster, you need to use the commanddocker node ls2, which will display information such as node ID, hostname, status, availability, and role3.Reference:

docker inspect | Docker Docs

docker node ls | Docker Docs

How to list nodes in a Docker swarm cluster

: The networkPolicy willblockthe traffic from a pod bearing the tier: backend label, to a pod bearing the tier: frontend label.The networkPolicy specifies that only pods with the tier: frontend label can access the pods with the app: guestbook-api and tier: backend labels on port 801.Any other traffic to the backend pods will be denied by default2. Therefore, a request issued from a pod bearing the tier: backend label, to a pod bearing the tier: frontend label will be blocked by the networkPolicy.Reference:Connect a Frontend to a Backend Using Services),Network Policies)

= The pid namespace is not a Linux kernel namespace that is disabled by default and must be enabled at Docker engine runtime to be used.The pid namespace is one of the six namespaces that are enabled by default when you run a container with Docker1.The pid namespace isolates the process ID number space, meaning that processes in different pid namespaces can have the same PID2.This allows containers to have their own init process with PID 1 and to limit the visibility and interaction of processes between containers and the host3. To disable the pid namespace, you need to use the --pid option with the docker run command and specify the host or another container as the pid mode.Reference:

Docker run reference | Docker Docs

pid_namespaces(7) - Linux manual page - man7.org

Building containers by hand: The PID namespace - Enable Sysadmin

[Share host and container processes with --pid | Docker Docs]

The commanddocker run -v /data:/mydata -mode readonly ubuntuwill not mount the host's/data1directory to the ubuntu container in read-only mode. The command has several errors that prevent it from working correctly. First, the host directory should be/data1instead of/data, as specified in the question. Second, the option flag should be--modeinstead of-mode, and it should be placed before the image name.Third, the mode value should beroinstead ofreadonly, as per the Docker documentation1.The correct command should bedocker run -v /data1:/mydata --mode ro ubuntu, which will mount the host's/data1directory as a read-only volume at/mydatainside the container1.Reference:

docker run | Docker Docs

= The commanddocker run -add-volume /data /mydata -read-only ubuntuwill not mount the host's/datadirectory to the ubuntu container in read-only mode. The reason is that the command has several syntax errors and invalid options.The correct command to mount a host directory to a container in read-only mode isdocker run --mount type=bind,source=/data,target=/mydata,readonly ubuntu12. The commanddocker run -add-volume /data /mydata -read-only ubuntuhas the following problems:

The option-add-volumeis not a valid option fordocker run.The valid options for mounting a volume or a bind mount are--mountor-v12.

The option-read-onlyis not a valid option fordocker run.The valid option for making the container's root filesystem read-only is--read-only3.However, this option will not affect the mounted volumes or bind mounts, which have their ownreadonlyoption12.

The argument/data /mydatais not a valid argument fordocker run.The argument fordocker runshould be the command to run inside the container, such asbashorping4.The source and target of the volume or bind mount should be specified in the--mountor-voption, separated by a colon12.

Therefore, the commanddocker run -add-volume /data /mydata -read-only ubuntuwill not work as intended, and will likely produce an error message or an unexpected result.Reference:

Use bind mounts

Use volumes

docker run

Docker run reference

= The commanddocker inspect nodeswill not list all nodes in a swarm cluster from the command line.This command is invalid, asdocker inspectrequires one or more object names or IDs as arguments1.To list all nodes in a swarm cluster, you need to use thedocker node lscommand from a manager node2.This command will display the ID, hostname, status, availability, manager status, and engine version of each node in the swarm2.You can also use the-for--filterflag to filter the nodes by various criteria, such as role, label, or name2.Reference:

1: docker inspect | Docker Docs

2: docker node ls | Docker Docs

= The command 'docker swarm nodes' is not a valid command to list all nodes in a swarm cluster from the command line.The correct command isdocker node ls, which can be run on a manager node to view the details of all the nodes in the swarm1. Thedocker swarmcommand is used to manage the swarm itself, not the nodes.For example, you can usedocker swarm initto create a new swarm, ordocker swarm jointo add a node to an existing swarm2.Reference:

Manage nodes in a swarm | Docker Docs

docker swarm | Docker Docs

Process ID is a type of Linux kernel namespace that provides container isolation.Linux namespaces are a feature of the Linux kernel that isolate and virtualize system resources of a collection of processes1.Process ID namespace isolates the process ID number space, meaning that processes in different PID namespaces can have the same PID2.This allows each container to have its own init process with PID 1, which is the ancestor of all other processes in the container3.Process ID namespace also affects other identifiers, such as thread IDs, parent process IDs, and session IDs4.Reference: Namespaces in operation), pid_namespaces),What is a PID namespace?, Linux Namespaces: PID)