Docker DCA Practice Test - Questions Answers, Page 9

Multi-stage builds are a feature of Docker that allows you to use multiple FROM statements in your Dockerfile. Each FROM statement creates a new stage of the build, which can use a different base image and run different commands. You can then copy artifacts from one stage to another, leaving behind everything you don't want in the final image. This optimizes the image size and reduces the attack surface by removing unnecessary dependencies and tools. For example, you can use a stage to compile your code, and then copy only the executable file to the final stage, which can use a minimal base image like scratch. This way, you don't need to include the compiler or the source code in the final image.Reference:

Multi-stage builds | Docker Docs

What Are Multi-Stage Docker Builds? - How-To Geek

Multi-stage | Docker Docs

= The correct command to list all nodes in a swarm cluster from the command line isdocker node ls, notdocker swarm nodes.Thedocker nodecommand allows you to manage nodes in a swarm, such as listing, inspecting, updating, or removing nodes1.Thedocker swarmcommand allows you to manage the swarm itself, such as initializing, joining, leaving, or updating the swarm2.Reference:

Manage nodes in a swarm | Docker Docs

Manage a swarm | Docker Docs

= (Please check the official Docker site for the comprehensive explanation)Reference: (Some possible references from the web search results are)

[Docker Swarm Tutorial: Manage Multiple Docker Hosts - Edureka]

[Docker Swarm - Docker Documentation]

[Docker Swarm Tutorial: How to Manage Multiple Docker Hosts - Linux Hint]

[Docker Swarm Tutorial: How to Manage Multiple Docker Hosts - YouTube]

[Docker Swarm Tutorial: How to Manage Multiple Docker Hosts - Medium]

I hope this helps you in your exam preparation. Good luck!

The commanddocker Is -adoes not list all nodes in a swarm cluster from the command line, but rather lists all containers, both running and stopped, on the current node1.To list all nodes in a swarm cluster, you need to use the commanddocker node lsfrom a manager node2.This command shows the node ID, hostname, status, availability, and manager status for each node in the swarm2.You can also use the--filteroption to filter the output based on various criteria2.Reference:Docker Documentation,docker node ls

= Storage is not a type of Linux kernel namespace that provides container isolation.Linux namespaces are a feature of the Linux kernel that partitions kernel resources such that one set of processes sees one set of resources while another set of processes sees a different set of resources1. The feature works by having the same namespace for a set of resources and processes, but those namespaces refer to distinct resources.Since kernel version 5.6, there are 8 kinds of namespaces: mount, UTS, IPC, PID, network, user, cgroup, and time2.Each kind of namespace isolates a different aspect of the system, such as file system mounts, host and domain names, inter-process communication, process IDs, network interfaces, user and group IDs, cgroups, and system time2. Storage is not one of them.Reference:

1: Linux namespaces - Wikipedia

2: Namespaces --- The Linux Kernel documentation

Network is a type of Linux kernel namespace that provides container isolation. Network namespaces isolate the system resources associated with networking, such as network interfaces, IP addresses, routing tables, firewall rules, etc.Each network namespace has its own virtual network stack, and processes in different network namespaces can communicate through virtual network devices or tunnels1.Network namespaces are used by Docker to create isolated networks for containers, and allow users to customize the network configuration and connectivity of each container2.Reference:

network_namespaces(7) - Linux manual page

Docker network overview | Docker Documentation

= Authentication is not a type of Linux kernel namespace that provides container isolation. Namespaces are a feature of the Linux kernel that partitions kernel resources such that one set of processes sees one set of resources and another set of processes sees a different set of resources.Docker uses six different namespaces to isolate containers from the host and from each other: PID, USER, UTS, IPC, MNT, and NET12. Authentication is not one of them. Authentication is a process of verifying the identity of a user or a system, which is usually done by using credentials such as passwords, tokens, or certificates. Authentication does not directly affect the isolation of containers, although it can be used to control access to them.Reference:

Docker security | Docker Docs

Securing Docker Containers with Linux Kernel Features | Infosec

: A Dockerfile is a text file that contains all the commands a user could run on the command line to create an image1.A Dockerfile is composed of instructions that specify the parent image, the packages to install, the files to copy, the ports to expose, and the commands to run2.A Dockerfile can be used to build a Docker image with thedocker buildcommand3.Reference:

Dockerfile reference | Docker Docs

What is a Dockerfile? A Step-by-Step Guide [2023 Updated] - Simplilearn

How to Build Docker Images with Dockerfile | Linuxize

(Please check the official Docker site for the answer)Comprehensive = (Please check the official Docker site for the comprehensive explanation)Reference: (Some possible references from the web search results are)

Docker Security - Docker Documentation

Docker Security Best Practices - Medium

Docker Security Cheat Sheet - GitHub

Docker Security: A Comprehensive Guide - Snyk

Docker Security: Tips and Tricks to Secure Your Containers - DevSecOps

I hope this helps you in your exam preparation. Good luck!