ExamGecko
Search Search Login
Home Home / Docker / DCA
Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

The Kubernetes yaml shown below describes a networkPolicy. Will the networkPolicy BLOCK this traffic? Solution: a request issued from a pod lacking the tier: api label, to a pod bearing the tier: backend label
Does this command create a swarm service that only listens on port 53 using the UDP protocol? Solution. 'docker service create -name dns-cache -p 53:53 -constraint networking.protocol.udp=true dns-cache'
Is this a supported user authentication method for Universal Control Plane? Solution. x.500
Will this command display a list of volumes for a specific container? Solution. 'docker container logs nginx --volumes'
Is this a way to configure the Docker engine to use a registry without a trusted TLS certificate? Solution. Set INSECURE_REGISTRY in the' /etc/docker/default' configuration file.
The Kubernetes yaml shown below describes a clusterIP service. Is this a correct statement about how this service routes requests? Solution: Traffic sent to the IP of this service on port 8080 will be routed to port 80 in a random pod with the label aPP: nginx.
A Kubernetes node is allocated a /26 CIDR block (64 unique IPs) for its address space. If every pod on this node has exactly two containers in it, how many pods can this address space support on this node?
Will this command list all nodes in a swarm cluster from the command line? Solution. 'docker inspect nodes
A user's attempts to set the system time from inside a Docker container are unsuccessful. Could this be blocking this operation? Solution. SELinux
Will this command display a list of volumes for a specific container? Solution: docker volume inspect nginx'

Question 160 - DCA discussion

Report
Export

You are pulling images from a Docker Trusted Registry installation configured to use self-signed certificates, and this error appears:

'x509: certificate signed by unknown authority.

You already downloaded the Docker Trusted Registry certificate authority certificate from https://dtr.example.com/ca.

How do you trust it? (Select two.)

A.

Pass '-trust-certificate ca.crt to the Docker client.

Answers
A.

Pass '-trust-certificate ca.crt to the Docker client.

B.

Place the certificate in '/etc/docker/dtr/dtr.example.com.crt' and restart the Docker daemon on all cluster nodes.

Answers
B.

Place the certificate in '/etc/docker/dtr/dtr.example.com.crt' and restart the Docker daemon on all cluster nodes.

C.

Place the certificate in /etc/docker/certs.d/dtr.example.com/ca.crt' on all cluster nodes.

Answers
C.

Place the certificate in /etc/docker/certs.d/dtr.example.com/ca.crt' on all cluster nodes.

D.

Pass -- insecure-registry to the Docker client.

Answers
D.

Pass -- insecure-registry to the Docker client.

E.

Place the certificate in your OS certificate path, trust the certificate system- wide, and restart the Docker daemon across all cluster nodes.

Answers
E.

Place the certificate in your OS certificate path, trust the certificate system- wide, and restart the Docker daemon across all cluster nodes.

Suggested answer: C, E

Explanation:

To trust a self-signed certificate from a Docker Trusted Registry (DTR), you need to place the certificate in the appropriate location on all cluster nodes and restart the Docker daemon. There are two possible locations for the certificate, depending on your OS and Docker version1:

* /etc/docker/certs.d/dtr.example.com/ca.crt: This is the preferred location for Linux systems and Docker versions 1.13 and higher. This directory is scanned by Docker for certificates and keys for each registry domain2.

* Your OS certificate path: This is the fallback location for other OSes and Docker versions. You need to find the certificate store for your OS and copy the certificate there. You also need to trust the certificate system-wide, which may require additional steps depending on your OS3.

The other options are not correct because:

* Passing '-trust-certificate ca.crt to the Docker client is not a valid option. There is no such flag for the Docker client4.

* Placing the certificate in '/etc/docker/dtr/dtr.example.com.crt' is not a valid location. The certificate should be in the /etc/docker/certs.d directory, not the /etc/docker/dtr directory1.

* Passing -- insecure-registry to the Docker client is not a recommended option. This flag disables the TLS verification for the registry, which makes the communication insecure and vulnerable to attacks.

* Use self-signed certificates | Docker Docs

* Test an insecure registry | Docker Docs

* Add TLS certificates as a trusted root authority to the host OS | Docker Docs

* docker | Docker Docs

* [Deploy a registry server | Docker Docs]

Show Answer
asked 08/11/2024
Alexandre BOUCHER
41 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms