Will this command display a list of volumes for a specific container?
Solution: 'docker volume inspect nginx'
The command 'docker volume inspect nginx' will not display a list of volumes for a specific container. This is because 'docker volume inspect' expects one or more volume names as arguments, not a container name [1]. To display a list of volumes for a specific container, you can use the 'docker inspect' command with the --format option and a template that extracts the volume information from the container JSON output [2]. For example, to display the source and destination of the volumes mounted by the container nginx, you can use the following command:
docker inspect --format='{{range .Mounts}}{{.Source}}:{{.Destination}} {{end}}' nginx
Reference:
docker volume inspect | Docker Docs
docker inspect | Docker Docs
Will a DTR security scan detect this?
Solution: licenses for known third party binary components
A DTR security scan will detect licenses for known third party binary components. This is because DTR security scan uses a database of vulnerabilities and licenses that is updated regularly from Docker Server [1]. DTR security scan can identify the components and versions of the software packages that are present in the image layers, and report any known vulnerabilities or licenses associated with them [2]. This can help users to comply with the licensing requirements and avoid potential legal issues [3].
Reference:
Set up vulnerability scans | Docker Docs
Scan images for vulnerabilities | Docker Docs
Container Security 101 --- Scanning images for Vulnerabilities
Does this command display all the pods in the cluster that are labeled as 'env: development'?
Solution: 'kubectl get pods -I env=development'
The command 'kubectl get pods -I env=development' will not display all the pods in the cluster that are labeled as 'env: development'. This is because the -I flag is not a valid option for kubectl get pods [1]. The correct flag to use is --selector or -l, which allows you to filter pods by labels [2]. Therefore, the correct command to display all the pods in the cluster that are labeled as 'env: development' is:
kubectl get pods --selector env=development
or
kubectl get pods -l env=development
Reference:
kubectl Cheat Sheet | Kubernetes
Labels | Kube by Example
You created a new service named 'http' and discover it is not registering as healthy. Will this command enable you to view the list of historical tasks for this service?
Solution: 'docker inspect http'
The command 'docker inspect http' will not enable you to view the list of historical tasks for the service. The 'docker inspect' command returns low-level information on Docker objects, such as containers, images, networks, or volumes [1]. It does not work on services, which are higher-level objects that define the desired state of a set of tasks [2]. To view the list of historical tasks for a service, you need to use the 'docker service ps' command, which shows the current and previous states of each task, as well as the node, error, and ports [3].
Reference:
docker inspect | Docker Docs
Services | Docker Docs
docker service ps | Docker Docs
Which 'docker run' flag lifts cgroup limitations?
The --privileged flag lifts all the cgroup limitations for a container, as well as other security restrictions imposed by the Docker daemon [1]. This gives the container full access to the host's devices, resources, and capabilities, as if it was running directly on the host [2]. This can be useful for certain use cases that require elevated privileges, such as running Docker-in-Docker or debugging system issues [3]. However, using the --privileged flag also poses a security risk, as it exposes the host to potential attacks or damages from the container [4]. Therefore, it is not recommended to use the --privileged flag unless absolutely necessary, and only with trusted images and containers.
The other options are not correct because they do not lift all the cgroup limitations for a container, but only affect specific aspects of the container's resource allocation or isolation:
* The --cpu-period flag sets the CPU CFS (Completely Fair Scheduler) period for a container, which is the length of a CPU cycle in microseconds. This flag can be used in conjunction with the --cpu-quota flag to limit the CPU time allocated to a container. However, this flag does not affect other cgroup limitations, such as memory, disk, or network.
* The --isolation flag sets the isolation technology for a container, which is the mechanism that separates the container from the host or other containers. This flag is only available on Windows containers, and can be used to choose between process, hyperv, or process-isolated modes. However, this flag does not affect the cgroup limitations for a container, but only the level of isolation from the host or other containers.
* The --cap-drop flag drops one or more Linux capabilities for a container, which are the privileges that a process can use to perform certain actions on the system. This flag can be used to reduce the attack surface of a container by removing unnecessary or dangerous capabilities. However, this flag does not affect the cgroup limitations for a container, but only the capabilities granted to the container by the Docker daemon.
Reference:
* Runtime privilege and Linux capabilities
* Docker Security: Using Containers Safely in Production
* Docker run reference
* Docker Security: Are Your Containers Tightly Secured to the Ship? SlideShare
* Secure Engine
* Configure a Pod to Use a Limited Amount of CPU
* Limit a container's resources
* Managing Container Resources
* Isolation modes
* Windows Container Isolation Modes
* Windows Container Version Compatibility
* Docker and Linux Containers
* Docker Security Cheat Sheet
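The answer above turns on what --privileged, --cap-drop and the CPU flags leave in a container's configuration. As an added example (not part of the original page), this Python check reads 'docker inspect' JSON and reports containers that run privileged, add back capabilities, or have no resource limits. The sample records, the finding names and the RISKY_CAPS list are constructed assumptions.

```python
import json

# Constructed sample shaped like `docker inspect` output (a JSON array);
# only the HostConfig fields examined below are included.
SAMPLE_INSPECT = json.loads("""
[
 {"Name": "/dind-builder",
  "HostConfig": {"Privileged": true, "CapAdd": null, "CapDrop": null,
                 "Memory": 0, "NanoCpus": 0, "CpuQuota": 0, "PidsLimit": null}},
 {"Name": "/debug-shell",
  "HostConfig": {"Privileged": false, "CapAdd": ["CAP_SYS_ADMIN"], "CapDrop": null,
                 "Memory": 536870912, "NanoCpus": 0, "CpuQuota": 50000, "PidsLimit": 0}},
 {"Name": "/nginx",
  "HostConfig": {"Privileged": false, "CapAdd": ["NET_BIND_SERVICE"], "CapDrop": ["ALL"],
                 "Memory": 268435456, "NanoCpus": 500000000, "CpuQuota": 0, "PidsLimit": 100}}
]
""")

# Assumption for this example: capabilities worth reporting when added back.
RISKY_CAPS = {"ALL", "SYS_ADMIN", "SYS_MODULE", "SYS_PTRACE"}

def _caps(values):
    """Normalise a CapAdd/CapDrop list: upper-case, CAP_ prefix removed."""
    names = (v.upper() for v in (values or []))
    return {n[4:] if n.startswith("CAP_") else n for n in names}

def audit_container(info):
    """Return the findings for one container's inspect record."""
    hc = info.get("HostConfig") or {}
    findings = []
    if hc.get("Privileged"):                      # started with --privileged
        findings.append("privileged")
    findings += [f"cap-add:{c}" for c in sorted(_caps(hc.get("CapAdd")) & RISKY_CAPS)]
    if not _caps(hc.get("CapDrop")):              # no --cap-drop at all
        findings.append("no-cap-drop")
    if not hc.get("Memory"):                      # 0 means unlimited
        findings.append("no-memory-limit")
    if not hc.get("NanoCpus") and not hc.get("CpuQuota"):
        findings.append("no-cpu-limit")           # neither --cpus nor --cpu-quota
    if (hc.get("PidsLimit") or 0) <= 0:           # null, 0 or -1: unlimited
        findings.append("no-pids-limit")
    return findings

def audit_all(records):
    """Map container name (leading slash removed) to its findings."""
    return {r.get("Name", "?").lstrip("/"): audit_container(r) for r in records}

if __name__ == "__main__":
    for name, found in audit_all(SAMPLE_INSPECT).items():
        print(f"{name}: {', '.join(found) or 'ok'}")
```

On a Docker host, the same functions accept the parsed output of 'docker inspect' run over the IDs returned by 'docker ps -q'.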