ExamGecko
Search Search Login
Home Home / Docker / DCA
Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

The Kubernetes yaml shown below describes a networkPolicy. Will the networkPolicy BLOCK this traffic? Solution: a request issued from a pod lacking the tier: api label, to a pod bearing the tier: backend label
Does this command create a swarm service that only listens on port 53 using the UDP protocol? Solution. 'docker service create -name dns-cache -p 53:53 -constraint networking.protocol.udp=true dns-cache'
Is this a supported user authentication method for Universal Control Plane? Solution. x.500
Will this command display a list of volumes for a specific container? Solution. 'docker container logs nginx --volumes'
Is this a way to configure the Docker engine to use a registry without a trusted TLS certificate? Solution. Set INSECURE_REGISTRY in the' /etc/docker/default' configuration file.
The Kubernetes yaml shown below describes a clusterIP service. Is this a correct statement about how this service routes requests? Solution: Traffic sent to the IP of this service on port 8080 will be routed to port 80 in a random pod with the label aPP: nginx.
A Kubernetes node is allocated a /26 CIDR block (64 unique IPs) for its address space. If every pod on this node has exactly two containers in it, how many pods can this address space support on this node?
Will this command list all nodes in a swarm cluster from the command line? Solution. 'docker inspect nodes
A user's attempts to set the system time from inside a Docker container are unsuccessful. Could this be blocking this operation? Solution. SELinux
Will this command display a list of volumes for a specific container? Solution: docker volume inspect nginx'

Question 34 - DCA discussion

Report
Export

You configure a local Docker engine to enforce content trust by setting the environment variable

DOCKER_CONTENT_TRUST=1.

If myorg/myimage: 1.0 is unsigned, does Docker block this command?

Solution: docker image import <tarball> myorg/myimage:1.0

A.

Yes

Answers
A.

Yes

B.

No

Answers
B.

No

Suggested answer: A

Explanation:

Docker Content Trust (DCT) is a feature that allows users to verify the integrity and publisher of container images they pull or deploy from a registry server, signed on a Notary server1. DCT is enabled by setting the environment variable DOCKER_CONTENT_TRUST=1 on the Docker client.When DCT is enabled, the Docker client will only pull, run, or build images that have valid signatures for a specific tag2.However, DCT does not apply to the docker image import command, which allows users to import an image or a tarball with a repository and tag from a file or STDIN3. Therefore, if myorg/myimage:1.0 is unsigned, Docker will not block the docker image import <tarball> myorg/myimage:1.0 command, even if DCT is enabled. This is because the docker image import command does not interact with a registry or a Notary server, and thus does not perform any signature verification. However, this also means that the imported image will not have any trust data associated with it, and it will not be possible to push it to a registry with DCT enabled, unless it is signed with a valid key.Reference:

Content trust in Docker

Automation with content trust

[docker image import]

[Content trust and image tags]

Show Answer
asked 08/11/2024
Christina Chelioti
36 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms