Valid DCA Dumps shared by ExamDiscuss.com for Helping Passing DCA Exam! ExamDiscuss.com now offer the newest DCA exam dumps, the ExamDiscuss.com DCA exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com DCA dumps with Test Engine here:
Access DCA Dumps Premium Version
(189 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 34/79
You configure a local Docker engine to enforce content trust by setting the environment variable DOCKER_CONTENT_TRUST=1.
If myorg/myimage: 1.0 is unsigned, does Docker block this command?
Solution: docker container run myorg/myimage:1.0
If myorg/myimage: 1.0 is unsigned, does Docker block this command?
Solution: docker container run myorg/myimage:1.0
Correct Answer: B
Docker will block the command docker container run myorg/myimage:1.0 if the image tag myorg/myimage:1.0 is unsigned and the environment variable DOCKER_CONTENT_TRUST=1 is set. The reason is that setting DOCKER_CONTENT_TRUST=1 enables Docker Content Trust (DCT), which is a feature that allows users to verify the integrity and publisher of Docker images using digital signatures1. When DCT is enabled, Docker will only pull, run, or build images that have valid signatures. If an image tag is unsigned or has an invalid signature, Docker will reject the operation and display an error message2. Therefore, to run an unsigned image with DCT enabled, you need to either disable DCT by setting DOCKER_CONTENT_TRUST=0 or use the --disable-content-trust flag, or sign the image tag with a valid key3. Reference:
Content trust in Docker
Determine if Docker image is signed or unsigned
Signing Images and Enabling Docker Content Trust
Content trust in Docker
Determine if Docker image is signed or unsigned
Signing Images and Enabling Docker Content Trust
- Question List (79q)
- Question 1: You are troubleshooting a Kubernetes deployment called api, ...
- Question 2: Is this statement correct? Solution: A Dockerfile stores the...
- Question 3: In Docker Trusted Registry, is this how a user can prevent a...
- Question 4: Is this a Linux kernel namespace that is disabled by default...
- Question 5: Will this command display a list of volumes for a specific c...
- Question 6: Will This command list all nodes in a swarm cluster from the...
- Question 7: Two pods bear the same label, app: dev. Will a label selecto...
- Question 8: Your organization has a centralized logging solution, such a...
- Question 9: Will this action upgrade Docker Engine CE to Docker Engine E...
- Question 10: Will this command ensure that overlay traffic between servic...
- Question 11: What is the difference between the ADD and COPY Dockerfile i...
- Question 12: A company's security policy specifies that development and p...
- Question 13: Will this command ensure that overlay traffic between servic...
- Question 14: The Kubernetes yaml shown below describes a networkPolicy. (...
- Question 15: Will this command list all nodes in a swarm cluster from the...
- Question 16: In Docker Trusted Registry, is this how a user can prevent a...
- Question 17: Is this a way to configure the Docker engine to use a regist...
- Question 18: Will this Linux kernel facility limit a Docker container's a...
- Question 19: Does this describe the role of Control Groups (cgroups) when...
- Question 20: Will this command ensure that overlay traffic between servic...
- Question 21: The Kubernetes yaml shown below describes a networkPolicy. (...
- Question 22: Will a DTR security scan detect this? Solution: known vulner...
- Question 23: Seven managers are in a swarm cluster. Is this how should th...
- Question 24: Will this command display a list of volumes for a specific c...
- Question 25: Your organization has a centralized logging solution, such a...
- Question 26: One of several containers in a pod is marked as unhealthy af...
- Question 27: A Kubernetes node is allocated a /26 CIDR block (64 unique I...
- Question 28: Is this the purpose of Docker Content Trust? Solution: Verif...
- Question 29: Is this an advantage of multi-stage builds? Solution: optimi...
- Question 30: Will this sequence of steps completely delete an image from ...
- Question 31: Will this command list all nodes in a swarm cluster from the...
- Question 32: Will this action upgrade Docker Engine CE to Docker Engine E...
- Question 33: You want to create a container that is reachable from its ho...
- Question 34: You configure a local Docker engine to enforce content trust...
- Question 35: In the context of a swarm mode cluster, does this describe a...
- Question 36: Will this command ensure that overlay traffic between servic...
- Question 37: Is this the purpose of Docker Content Trust? Solution.Indica...
- Question 38: Will this command list all nodes in a swarm cluster from the...
- Question 39: You want to mount external storage to a particular filesyste...
- Question 40: An application image runs in multiple environments, with eac...
- Question 41: The Kubernetes yaml shown below describes a clusterIP servic...
- Question 42: Is this a type of Linux kernel namespace that provides conta...
- Question 43: Will this Linux kernel facility limit a Docker container's a...
- Question 44: You are troubleshooting a Kubernetes deployment called api, ...
- Question 45: Can this set of commands identify the published port(s) for ...
- Question 46: Is this an advantage of multi-stage builds? Solution: faster...
- Question 47: One of several containers in a pod is marked as unhealthy af...
- Question 48: Will this sequence of steps completely delete an image from ...
- Question 49: Is this a supported user authentication method for Universal...
- Question 50: You want to create a container that is reachable from its ho...
- Question 51: A company's security policy specifies that development and p...
- Question 52: You are troubleshooting a Kubernetes deployment called api, ...
- Question 53: Which networking drivers allow you to enable multi-host netw...
- Question 54: A persistentVolumeClaim (PVC) is created with the specificat...
- Question 55: The Kubernetes yaml shown below describes a clusterIP servic...
- Question 56: Will this configuration achieve fault tolerance for managers...
- Question 57: A company's security policy specifies that development and p...
- Question 58: You want to provide a configuration file to a container at r...
- Question 59: Will this command mount the host's '/data' directory to the ...
- Question 60: You configure a local Docker engine to enforce content trust...
- Question 61: You created a new service named 'http' and discover it is no...
- Question 62: Is this the purpose of Docker Content Trust? Solution.Sign a...
- Question 63: Does this command create a swarm service that only listens o...
- Question 64: During development of an application meant to be orchestrate...
- Question 65: Does this command display all the pods in the cluster that a...
- Question 66: Will this command display a list of volumes for a specific c...
- Question 67: The following Docker Compose file is deployed as a stack: (E...
- Question 68: An application image runs in multiple environments, with eac...
- Question 69: The Kubernetes yaml shown below describes a clusterIP servic...
- Question 70: You want to create a container that is reachable from its ho...
- Question 71: Is this a supported user authentication method for Universal...
- Question 72: Is this a Linux kernel namespace that is disabled by default...
- Question 73: Your organization has a centralized logging solution, such a...
- Question 74: During development of an application meant to be orchestrate...
- Question 75: The following Docker Compose file is deployed as a stack: (E...
- Question 76: Does this command display all the pods in the cluster that a...
- Question 77: Is this the purpose of Docker Content Trust? Solution: Enabl...
- Question 78: Can this set of commands identify the published port(s) for ...
- Question 79: Two development teams in your organization use Kubernetes an...
