From 5d6553176d16a820c81cbf767640cafe9c067e77 Mon Sep 17 00:00:00 2001 From: lacatoire Date: Sun, 8 Feb 2026 19:08:37 +0100 Subject: [PATCH] Add new questions for Networking and Installation domains Networking (+28 questions): - docker_dns.yaml: DNS resolution (8) - macvlan_networks.yaml: macvlan driver (6) - network_troubleshooting_advanced.yaml: advanced troubleshooting (8) - network_scoping.yaml: local vs swarm scope (6) Installation & Configuration (+26 questions): - daemon_json_config.yaml: daemon.json settings (8) - docker_editions.yaml: CE vs EE editions (6) - proxy_configuration.yaml: proxy setup (6) - rootless_docker.yaml: rootless mode (6) --- README.md | 8 +++ .../daemon_json_config.yaml | 72 +++++++++++++++++++ .../docker_editions.yaml | 54 ++++++++++++++ .../proxy_configuration.yaml | 54 ++++++++++++++ .../rootless_docker.yaml | 54 ++++++++++++++ data/4_Networking/docker_dns.yaml | 72 +++++++++++++++++++ data/4_Networking/macvlan_networks.yaml | 54 ++++++++++++++ data/4_Networking/network_scoping.yaml | 54 ++++++++++++++ .../network_troubleshooting_advanced.yaml | 72 +++++++++++++++++++ 9 files changed, 494 insertions(+) create mode 100644 data/3_installation_and_configuration/daemon_json_config.yaml create mode 100644 data/3_installation_and_configuration/docker_editions.yaml create mode 100644 data/3_installation_and_configuration/proxy_configuration.yaml create mode 100644 data/3_installation_and_configuration/rootless_docker.yaml create mode 100644 data/4_Networking/docker_dns.yaml create mode 100644 data/4_Networking/macvlan_networks.yaml create mode 100644 data/4_Networking/network_scoping.yaml create mode 100644 data/4_Networking/network_troubleshooting_advanced.yaml diff --git a/README.md b/README.md index c27ba64..38c0c00 100644 --- a/README.md +++ b/README.md 
@@ -83,6 +83,10 @@ The goal is to help candidates: * [Describe and interpret errors to troubleshoot installation issues without assistance.](data/3_installation_and_configuration/install_troubleshooting.yaml) * [Describe and demonstrate the steps to deploy the Docker engine, UCP (now MKE), and DTR (now MSR) on AWS and on-premises in an HA configuration.](data/3_installation_and_configuration/deploy_ucp_dtr_ha.yaml) * [Describe and demonstrate how to configure backups for UCP (now MKE) and DTR (now MSR).](data/3_installation_and_configuration/backup_ucp_dtr.yaml) +* [Describe daemon.json configuration.](data/3_installation_and_configuration/daemon_json_config.yaml) +* [Describe Docker editions (CE vs EE).](data/3_installation_and_configuration/docker_editions.yaml) +* [Describe proxy configuration for Docker.](data/3_installation_and_configuration/proxy_configuration.yaml) +* [Describe rootless Docker mode.](data/3_installation_and_configuration/rootless_docker.yaml) ### Domain 4: Networking (15% of exam) @@ -98,6 +102,10 @@ The goal is to help candidates: * [Understand and describe the types of traffic that flow between the Docker engine, registry, and UCP (now MKE) controllers](data/4_Networking/understand_engine_registry_ucp_traffic.yaml) * [Describe and demonstrate how to deploy a service on a Docker overlay network.](data/4_Networking/deploy_overlay_service.yaml) * [Describe and demonstrate how to troubleshoot container and engine logs to resolve connectivity issues between containers.](data/4_Networking/troubleshoot_container_connectivity.yaml) +* [Describe Docker DNS resolution.](data/4_Networking/docker_dns.yaml) +* [Describe macvlan networks.](data/4_Networking/macvlan_networks.yaml) +* [Describe advanced network troubleshooting.](data/4_Networking/network_troubleshooting_advanced.yaml) +* [Describe network scoping (local vs swarm).](data/4_Networking/network_scoping.yaml) ### Domain 5: Security (15% of exam) 
diff --git a/data/3_installation_and_configuration/daemon_json_config.yaml b/data/3_installation_and_configuration/daemon_json_config.yaml
new file mode 100644
index 0000000..a4aa0f9
--- /dev/null
+++ b/data/3_installation_and_configuration/daemon_json_config.yaml
@@ -0,0 +1,72 @@
+questions:
+ - uuid: a1d3e7c4-5f28-4b91-8e6a-3c9d0f1b7a24
+ question: What is the default location of the Docker daemon configuration file on Linux?
+ answers:
+ - { value: '/var/lib/docker/config.json', correct: false }
+ - { value: '/etc/docker/daemon.json', correct: true }
+ - { value: '/usr/local/docker/daemon.conf', correct: false }
+ - { value: '/etc/default/docker.json', correct: false }
+ help: https://docs.docker.com/engine/reference/commandline/dockerd/#daemon-configuration-file
+
+ - uuid: b4e6f8a2-9c13-4d75-a0b8-7e2f5d3c1a96
+ question: Which key in daemon.json is used to configure insecure registries?
+ answers:
+ - { value: 'allow-http-registries', correct: false }
+ - { value: 'registry-mirrors', correct: false }
+ - { value: 'insecure-registries', correct: true }
+ - { value: 'no-tls-registries', correct: false }
+ help: https://docs.docker.com/engine/reference/commandline/dockerd/#insecure-registries
+
+ - uuid: c7a9d1e5-3b46-4f82-9d0c-8a6e2f4b7c53
+ question: How do you enable debug mode in the Docker daemon using daemon.json?
+ answers:
+ - { value: 'Set "log-level": "debug"', correct: false }
+ - { value: 'Set "debug": true', correct: true }
+ - { value: 'Set "verbose": true', correct: false }
+ - { value: 'Set "mode": "debug"', correct: false }
+ help: https://docs.docker.com/engine/reference/commandline/dockerd/#daemon-configuration-file
+
+ - uuid: d2f4b8c6-1e73-4a59-b6d0-5c9a3e7f2d18
+ question: What happens if the same option is set both in daemon.json and as a dockerd command-line flag?
+ answers:
+ - { value: 'The daemon.json value takes precedence', correct: false }
+ - { value: 'The command-line flag takes precedence', correct: false }
+ - { value: 'Docker fails to start and reports a configuration conflict', correct: true }
+ - { value: 'Docker merges both values together', correct: false }
+ help: https://docs.docker.com/engine/reference/commandline/dockerd/#daemon-configuration-file
+
+ - uuid: e5a1c3d7-8b29-4f6e-a4c2-6d0b9e7f3a85
+ question: Which signal can be sent to the Docker daemon to reload daemon.json without restarting the daemon?
+ answers:
+ - { value: 'SIGTERM', correct: false }
+ - { value: 'SIGKILL', correct: false }
+ - { value: 'SIGHUP', correct: true }
+ - { value: 'SIGUSR1', correct: false }
+ help: https://docs.docker.com/engine/reference/commandline/dockerd/#daemon-configuration-file
+
+ - uuid: f8b2d4e6-0a57-4c91-b3e5-9f1a7c6d2b48
+ question: Which key in daemon.json is used to configure custom DNS servers for all containers?
+ answers:
+ - { value: 'nameservers', correct: false }
+ - { value: 'dns', correct: true }
+ - { value: 'resolv-conf', correct: false }
+ - { value: 'dns-servers', correct: false }
+ help: https://docs.docker.com/engine/reference/commandline/dockerd/#daemon-configuration-file
+
+ - uuid: 1a3c5e7b-2d49-4f80-96a1-8b0e4f6c3d72
+ question: Which daemon.json key allows you to define default subnet pools for user-defined bridge networks?
+ answers:
+ - { value: 'subnet-pools', correct: false }
+ - { value: 'bridge-subnets', correct: false }
+ - { value: 'default-address-pools', correct: true }
+ - { value: 'network-pools', correct: false }
+ help: https://docs.docker.com/engine/reference/commandline/dockerd/#daemon-configuration-file
+
+ - uuid: 2b4d6f8a-3e51-4c92-a7b2-9c1f5e7d4a63
+ question: Which daemon.json options can be reloaded with SIGHUP without restarting the Docker daemon?
+ answers:
+ - { value: 'storage-driver and data-root', correct: false }
+ - { value: 'debug, labels, and insecure-registries', correct: true }
+ - { value: 'iptables and ip-forward', correct: false }
+ - { value: 'All daemon.json options can be reloaded without restart', correct: false }
+ help: https://docs.docker.com/engine/reference/commandline/dockerd/#daemon-configuration-file
diff --git a/data/3_installation_and_configuration/docker_editions.yaml b/data/3_installation_and_configuration/docker_editions.yaml
new file mode 100644
index 0000000..d6380ff
--- /dev/null
+++ b/data/3_installation_and_configuration/docker_editions.yaml
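Review bot: In the debug-mode question the distractor `Set "log-level": "debug"` is itself a valid daemon.json setting that produces debug-level logs, so the item has two defensible answers. Rewording the question to name the flag removes the ambiguity, e.g. `question: Which daemon.json key is the equivalent of the dockerd --debug (-D) flag?`.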
@@ -0,0 +1,54 @@
+questions:
+ - uuid: 3c5e7a9b-4f62-4d83-b8c3-0d2a6e8f5b74
+ question: What replaced Docker Enterprise Edition after Mirantis acquired it in 2019?
+ answers:
+ - { value: 'Docker Business Edition', correct: false }
+ - { value: 'Docker Pro', correct: false }
+ - { value: 'Mirantis Container Runtime', correct: true }
+ - { value: 'Docker Enterprise Community', correct: false }
+ help: https://docs.docker.com/engine/
+
+ - uuid: e915b4e4-d94a-4139-b6f8-3716c08c4191
+ question: Which release channel provides the most recent stable Docker CE builds intended for production use?
+ answers:
+ - { value: 'edge', correct: false }
+ - { value: 'nightly', correct: false }
+ - { value: 'stable', correct: true }
+ - { value: 'beta', correct: false }
+ help: https://docs.docker.com/engine/install/
+
+ - uuid: b5ee83b7-5ba4-4d4e-a3c5-ffcc33686e34
+ question: Which Docker release channel is intended for pre-release testing and includes features not yet available in the stable channel?
+ answers:
+ - { value: 'nightly', correct: false }
+ - { value: 'test', correct: true }
+ - { value: 'edge', correct: false }
+ - { value: 'dev', correct: false }
+ help: https://docs.docker.com/engine/install/
+
+ - uuid: f25cd4d9-b00d-47e6-9607-6179d5b531a9
+ question: What is Docker Desktop?
+ answers:
+ - { value: 'A lightweight Linux-only CLI tool for managing Docker images', correct: false }
+ - { value: 'An application for Mac and Windows that provides a GUI and bundled Docker Engine, CLI, Compose, and Kubernetes', correct: true }
+ - { value: 'A browser-based management console for Docker Swarm clusters', correct: false }
+ - { value: 'A Docker plugin for managing virtual machines on desktop systems', correct: false }
+ help: https://docs.docker.com/desktop/
+
+ - uuid: 5dd4a9a8-8765-4b2a-8101-040d1fe37fe7
+ question: Which component is the open-source Docker container runtime available on Linux, commonly installed via package managers?
+ answers:
+ - { value: 'Docker Desktop', correct: false }
+ - { value: 'Docker Machine', correct: false }
+ - { value: 'Docker Engine', correct: true }
+ - { value: 'Docker Toolbox', correct: false }
+ help: https://docs.docker.com/engine/
+
+ - uuid: 17c0df34-7659-4175-8a93-44810e7e8284
+ question: Docker Desktop requires a paid subscription for professional use in organizations of what size?
+ answers:
+ - { value: 'More than 10 employees', correct: false }
+ - { value: 'More than 100 employees', correct: false }
+ - { value: 'More than 250 employees or more than $10 million in annual revenue', correct: true }
+ - { value: 'All organizations regardless of size', correct: false }
+ help: https://docs.docker.com/subscription/
diff --git a/data/3_installation_and_configuration/proxy_configuration.yaml b/data/3_installation_and_configuration/proxy_configuration.yaml
new file mode 100644
index 0000000..eb90392
--- /dev/null
+++ b/data/3_installation_and_configuration/proxy_configuration.yaml
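Review bot: The answer marked correct for "What is Docker Desktop?" describes it as `An application for Mac and Windows`, which leaves out Docker Desktop for Linux; suggest `An application for Mac, Windows, and Linux that provides a GUI and bundled Docker Engine, CLI, Compose, and Kubernetes`. The first question is also loosely worded: Mirantis Container Runtime succeeded the enterprise engine specifically rather than the whole Enterprise Edition product line, and its `help` link (`https://docs.docker.com/engine/`) does not appear to cover the acquisition, so a reader cannot verify the answer from it.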
@@ -0,0 +1,54 @@
+questions:
+ - uuid: ff898791-1a5f-4cf9-9272-0c8f10cee3b6
+ question: Where should you configure HTTP_PROXY and HTTPS_PROXY environment variables so that the Docker daemon uses them on a systemd-based Linux system?
+ answers:
+ - { value: '/etc/docker/daemon.json', correct: false }
+ - { value: 'A systemd drop-in file such as /etc/systemd/system/docker.service.d/http-proxy.conf', correct: true }
+ - { value: '/etc/environment', correct: false }
+ - { value: '/var/lib/docker/proxy.conf', correct: false }
+ help: https://docs.docker.com/engine/daemon/proxy/
+
+ - uuid: 7e04292f-182e-4eab-8369-c38f3514f445
+ question: Which file configures proxy settings that are automatically applied to containers during docker build and docker run?
+ answers:
+ - { value: '/etc/docker/daemon.json', correct: false }
+ - { value: '~/.docker/config.json', correct: true }
+ - { value: '/etc/default/docker', correct: false }
+ - { value: '~/.bashrc', correct: false }
+ help: https://docs.docker.com/network/proxy/
+
+ - uuid: fef6b35f-f2c1-475e-82b4-62049ba12732
+ question: Which environment variable is used to specify hosts that should bypass the proxy for the Docker daemon?
+ answers:
+ - { value: 'PROXY_BYPASS', correct: false }
+ - { value: 'DOCKER_NO_PROXY', correct: false }
+ - { value: 'NO_PROXY', correct: true }
+ - { value: 'SKIP_PROXY', correct: false }
+ help: https://docs.docker.com/engine/daemon/proxy/
+
+ - uuid: 99c5acd0-c628-4c5c-9414-131d9e329e3e
+ question: What command must be run after creating or modifying a systemd drop-in file for Docker proxy configuration?
+ answers:
+ - { value: 'systemctl restart docker', correct: false }
+ - { value: 'systemctl daemon-reload followed by systemctl restart docker', correct: true }
+ - { value: 'dockerd --reload', correct: false }
+ - { value: 'service docker reload', correct: false }
+ help: https://docs.docker.com/engine/daemon/proxy/
+
+ - uuid: 634bfe0a-1f67-4862-8bd6-b838f2899364
+ question: In ~/.docker/config.json, under which key are proxy settings for containers configured?
+ answers:
+ - { value: 'proxyConfig', correct: false }
+ - { value: 'network', correct: false }
+ - { value: 'proxies', correct: true }
+ - { value: 'httpSettings', correct: false }
+ help: https://docs.docker.com/network/proxy/
+
+ - uuid: d3f070b3-0919-4551-807c-c6a63c0fe440
+ question: When proxy settings are configured in ~/.docker/config.json, how are they passed to containers?
+ answers:
+ - { value: 'As Docker labels on the container', correct: false }
+ - { value: 'As environment variables injected automatically into the container', correct: true }
+ - { value: 'As arguments appended to the container entrypoint', correct: false }
+ - { value: 'As DNS records resolved by the Docker embedded DNS server', correct: false }
+ help: https://docs.docker.com/network/proxy/
diff --git a/data/3_installation_and_configuration/rootless_docker.yaml b/data/3_installation_and_configuration/rootless_docker.yaml
new file mode 100644
index 0000000..bda4226
--- /dev/null
+++ b/data/3_installation_and_configuration/rootless_docker.yaml
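Review bot: The first question marks `/etc/docker/daemon.json` as wrong without qualification, yet recent Engine releases (23.0 onward, as far as I know) also accept daemon proxy settings under a `proxies` key in daemon.json, which the linked daemon proxy page describes. The marked answer is still right for the environment-variable wording, but a reader can easily take away that daemon.json cannot carry proxy settings at all. Consider replacing that distractor with one that is unambiguously wrong for the daemon, such as `- { value: 'The "proxies" key in ~/.docker/config.json', correct: false }`, or adding a separate question on the daemon.json `proxies` key.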
@@ -0,0 +1,54 @@
+questions:
+ - uuid: ca71052a-2e37-4568-8e90-e622eac367ec
+ question: Which script is used to install and configure Docker in rootless mode?
+ answers:
+ - { value: 'docker-rootless-install.sh', correct: false }
+ - { value: 'dockerd-rootless-setuptool.sh install', correct: true }
+ - { value: 'docker-setup --rootless', correct: false }
+ - { value: 'install-docker-rootless.sh', correct: false }
+ help: https://docs.docker.com/engine/security/rootless/
+
+ - uuid: 6d8f0b2c-7a95-4eb6-8f96-3e5bdf1a6c07
+ question: What must the DOCKER_HOST environment variable be set to when using Docker in rootless mode?
+ answers:
+ - { value: 'tcp://localhost:2375', correct: false }
+ - { value: 'unix:///var/run/docker.sock', correct: false }
+ - { value: 'unix://$XDG_RUNTIME_DIR/docker.sock', correct: true }
+ - { value: 'unix:///tmp/docker-rootless.sock', correct: false }
+ help: https://docs.docker.com/engine/security/rootless/
+
+ - uuid: 7e9a1c3d-8b06-4fc7-9a07-4f6cea2b7d18
+ question: Which of the following is a limitation of Docker rootless mode by default?
+ answers:
+ - { value: 'Containers cannot use bridge networking', correct: false }
+ - { value: 'Containers cannot use volumes', correct: false }
+ - { value: 'The --privileged flag is not allowed', correct: true }
+ - { value: 'Only one container can run at a time', correct: false }
+ help: https://docs.docker.com/engine/security/rootless/
+
+ - uuid: 62ee1613-cf07-4037-84e3-b2c2202a69eb
+ question: Which networking component does Docker rootless mode use by default instead of iptables for port forwarding?
+ answers:
+ - { value: 'nftables', correct: false }
+ - { value: 'slirp4netns', correct: true }
+ - { value: 'macvlan', correct: false }
+ - { value: 'ipvlan', correct: false }
+ help: https://docs.docker.com/engine/security/rootless/
+
+ - uuid: ece30377-a80c-4948-8071-baf6fe0e169d
+ question: Which kernel feature must be enabled for Docker rootless mode to provide UID/GID isolation between the host and containers?
+ answers:
+ - { value: 'cgroups v2', correct: false }
+ - { value: 'seccomp', correct: false }
+ - { value: 'user namespaces (unprivileged)', correct: true }
+ - { value: 'AppArmor', correct: false }
+ help: https://docs.docker.com/engine/security/rootless/
+
+ - uuid: 268277e6-27f1-4d4f-a88e-edf7942f2e4b
+ question: Which security module is not natively supported inside containers running in Docker rootless mode?
+ answers:
+ - { value: 'seccomp', correct: false }
+ - { value: 'SELinux', correct: false }
+ - { value: 'AppArmor', correct: true }
+ - { value: 'capabilities', correct: false }
+ help: https://docs.docker.com/engine/security/rootless/
diff --git a/data/4_Networking/docker_dns.yaml b/data/4_Networking/docker_dns.yaml
new file mode 100644
index 0000000..cc9d8b4
--- /dev/null
+++ b/data/4_Networking/docker_dns.yaml
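Review bot: The third question in rootless_docker.yaml marks `The --privileged flag is not allowed` as the correct limitation, but as far as I know rootless dockerd accepts `--privileged`; the container simply gains nothing beyond the privileges of the unprivileged user that runs the daemon. Teaching that the flag is rejected gives readers a control that does not exist, which matters for anyone relying on rootless mode as a hardening measure. Consider making a documented limitation the correct answer, e.g. `- { value: 'Overlay networks are not supported', correct: true }`, and keeping the `--privileged` line as a distractor with `correct: false`. The port-forwarding question also deserves a second look: slirp4netns is the default network stack, while published ports are, I believe, handled by RootlessKit's built-in port driver unless configured otherwise.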
@@ -0,0 +1,72 @@
+questions:
+ - uuid: a3c7e1d4-5f28-4b9a-8e61-3d2f7c9a0b14
+ question: What is the IP address of the embedded DNS server that Docker provides to containers on user-defined networks?
+ answers:
+ - { value: '127.0.0.1', correct: false }
+ - { value: '127.0.0.11', correct: true }
+ - { value: '172.17.0.1', correct: false }
+ - { value: '8.8.8.8', correct: false }
+ help: https://docs.docker.com/config/containers/container-networking/#dns-services
+
+ - uuid: b8d4f2e5-6a39-4c0b-9f72-4e3a8d1b2c25
+ question: On which type of Docker network does automatic DNS-based container name resolution work?
+ answers:
+ - { value: 'The default bridge network', correct: false }
+ - { value: 'User-defined networks only', correct: true }
+ - { value: 'All networks including host mode', correct: false }
+ - { value: 'Only overlay networks', correct: false }
+ help: https://docs.docker.com/config/containers/container-networking/#dns-services
+
+ - uuid: 2d245c7f-6a3d-4723-8b78-a997a3962933
+ question: What does the --dns flag do when passed to a docker run command?
+ answers:
+ - { value: 'It changes the embedded DNS server address from 127.0.0.11', correct: false }
+ - { value: 'It sets a custom DNS server that the container uses for external name resolution', correct: true }
+ - { value: 'It disables DNS resolution entirely for the container', correct: false }
+ - { value: 'It configures DNS for the Docker daemon globally', correct: false }
+ help: https://docs.docker.com/config/containers/container-networking/#dns-services
+
+ - uuid: ad53b53d-28c7-4512-a074-45170876e547
+ question: What is the purpose of the --dns-search flag in a docker run command?
+ answers:
+ - { value: 'It searches for containers with matching DNS names', correct: false }
+ - { value: 'It enables DNS lookup logging for debugging', correct: false }
+ - { value: 'It sets the DNS search domain so unqualified hostnames are resolved under that domain', correct: true }
+ - { value: 'It restricts DNS queries to a specific network', correct: false }
+ help: https://docs.docker.com/config/containers/container-networking/#dns-services
+
+ - uuid: aa179ba0-8c07-41ae-9363-a9e918be1f48
+ question: Two containers named "web" and "api" are running on the same user-defined bridge network. How can the "web" container reach the "api" container?
+ answers:
+ - { value: 'By using the IP address of the Docker host', correct: false }
+ - { value: 'By using the container name "api" as the hostname', correct: true }
+ - { value: 'By publishing a port on the "api" container and using localhost', correct: false }
+ - { value: 'By using the container ID as the hostname on the default bridge', correct: false }
+ help: https://docs.docker.com/network/bridge/#differences-between-user-defined-bridges-and-the-default-bridge
+
+ - uuid: 9efc07d2-66ac-4556-8adf-87aa53686147
+ question: How does Docker Swarm provide DNS-based service discovery for services deployed on an overlay network?
+ answers:
+ - { value: 'Each task registers with an external Consul DNS server', correct: false }
+ - { value: 'The Swarm manager resolves service names to the virtual IP (VIP) of the service', correct: true }
+ - { value: 'Services must be configured with --dns pointing to the manager node', correct: false }
+ - { value: 'Service discovery is only available when using the host network driver', correct: false }
+ help: https://docs.docker.com/network/overlay/#service-discovery
+
+ - uuid: 77bcecab-5128-413f-bc60-d5929760a3a0
+ question: What is DNS round-robin in the context of Docker networking?
+ answers:
+ - { value: 'A method that assigns a unique DNS name to each container on a network', correct: false }
+ - { value: 'A resolution mode where a DNS lookup for a service name returns the IP addresses of all backing containers in rotation', correct: true }
+ - { value: 'A technique that forces DNS queries to alternate between internal and external DNS servers', correct: false }
+ - { value: 'A failover mechanism that redirects DNS traffic to a secondary Docker host', correct: false }
+ help: https://docs.docker.com/network/overlay/#customize-the-default-ingress-network
+
+ - uuid: 0b2a7d26-453c-433d-a3c2-ba9ef79a878e
+ question: Which docker run flag can be used to assign a network alias that other containers can use for DNS resolution?
+ answers:
+ - { value: '--hostname', correct: false }
+ - { value: '--name', correct: false }
+ - { value: '--network-alias', correct: true }
+ - { value: '--dns-alias', correct: false }
+ help: https://docs.docker.com/engine/reference/commandline/run/#network-alias
diff --git a/data/4_Networking/macvlan_networks.yaml b/data/4_Networking/macvlan_networks.yaml
new file mode 100644
index 0000000..fcf343e
--- /dev/null
+++ b/data/4_Networking/macvlan_networks.yaml
@@ -0,0 +1,54 @@
+questions:
+ - uuid: 6f870ccc-23cb-41ac-9056-073b6565a6ea
+ question: What is the primary use case for the macvlan network driver in Docker?
+ answers:
+ - { value: 'Encrypting traffic between containers on different hosts', correct: false }
+ - { value: 'Allowing containers to appear as physical devices on the network with their own MAC addresses', correct: true }
+ - { value: 'Providing DNS-based service discovery across Swarm nodes', correct: false }
+ - { value: 'Isolating container traffic from the host network entirely', correct: false }
+ help: https://docs.docker.com/network/macvlan/
+
+ - uuid: 89cde52c-5e0b-42f0-abc6-389ef2016677
+ question: Which command correctly creates a macvlan network attached to the host interface eth0 with a specified subnet and gateway?
+ answers:
+ - { value: 'docker network create --driver macvlan --subnet 192.168.1.0/24 --gateway 192.168.1.1 -o parent=eth0 my-macvlan', correct: true }
+ - { value: 'docker network create --type macvlan --interface eth0 --subnet 192.168.1.0/24 my-macvlan', correct: false }
+ - { value: 'docker macvlan create --parent eth0 --subnet 192.168.1.0/24 my-macvlan', correct: false }
+ - { value: 'docker network create --driver macvlan --bind eth0 my-macvlan', correct: false }
+ help: https://docs.docker.com/network/macvlan/#create-a-macvlan-network
+
+ - uuid: e7ad31be-5d2c-4f9e-8ca1-3bcd7a0e1fb4
+ question: What does the -o parent= option specify when creating a macvlan network?
+ answers:
+ - { value: 'The parent Docker network to inherit settings from', correct: false }
+ - { value: 'The host physical or virtual network interface to associate with the macvlan network', correct: true }
+ - { value: 'The parent container whose network namespace is shared', correct: false }
+ - { value: 'The parent Swarm manager node for the network', correct: false }
+ help: https://docs.docker.com/network/macvlan/#create-a-macvlan-network
+
+ - uuid: f8be42cf-6e3d-4a0f-9db2-4cde8b1f2ac5
+ question: How do you create a macvlan network in 802.1q trunk bridge mode to tag traffic with VLAN ID 100?
+ answers:
+ - { value: 'docker network create --driver macvlan --vlan 100 -o parent=eth0 my-macvlan', correct: false }
+ - { value: 'docker network create --driver macvlan -o parent=eth0.100 --subnet 192.168.100.0/24 my-macvlan', correct: true }
+ - { value: 'docker network create --driver macvlan --tag=100 -o parent=eth0 my-macvlan', correct: false }
+ - { value: 'docker network create --driver vlan --id 100 --parent eth0 my-macvlan', correct: false }
+ help: https://docs.docker.com/network/macvlan/#use-an-8021q-trunk-bridge-mode
+
+ - uuid: 02f282da-618a-4afd-bb6c-fb0a7dd83bfe
+ question: Which statement correctly describes a difference between macvlan and bridge network drivers?
+ answers:
+ - { value: 'Bridge networks assign unique MAC addresses to containers while macvlan does not', correct: false }
+ - { value: 'Macvlan containers communicate through the Docker bridge interface just like bridge networks', correct: false }
+ - { value: 'Macvlan containers are directly reachable on the physical network without NAT, whereas bridge containers use NAT for external access', correct: true }
+ - { value: 'Bridge networks require promiscuous mode on the host NIC but macvlan does not', correct: false }
+ help: https://docs.docker.com/network/macvlan/
+
+ - uuid: 4d82c19e-349e-4e7e-b408-385f8f88f364
+ question: What is a known limitation when using the macvlan network driver in Docker?
+ answers:
+ - { value: 'Containers on a macvlan network cannot communicate with external networks', correct: false }
+ - { value: 'The Docker host itself cannot directly communicate with its own macvlan containers without additional configuration', correct: true }
+ - { value: 'Macvlan networks do not support IPv4 addressing', correct: false }
+ - { value: 'Only one container can be attached to a macvlan network at a time', correct: false }
+ help: https://docs.docker.com/network/macvlan/
diff --git a/data/4_Networking/network_scoping.yaml b/data/4_Networking/network_scoping.yaml
new file mode 100644
index 0000000..ae907f9
--- /dev/null
+++ b/data/4_Networking/network_scoping.yaml
@@ -0,0 +1,54 @@
+questions:
+ - uuid: 8ed2749a-a63a-401d-a765-8e0122a5ae7c
+ question: What are the two network scopes available in Docker?
+ answers:
+ - { value: 'internal and external', correct: false }
+ - { value: 'local and swarm', correct: true }
+ - { value: 'host and container', correct: false }
+ - { value: 'private and public', correct: false }
+ help: https://docs.docker.com/network/#network-drivers
+
+ - uuid: 54ba4fa9-92ef-459a-9ae3-b0cada5c74d5
+ question: What is the default scope of the bridge network driver?
+ answers:
+ - { value: 'swarm', correct: false }
+ - { value: 'global', correct: false }
+ - { value: 'local', correct: true }
+ - { value: 'cluster', correct: false }
+ help: https://docs.docker.com/network/bridge/
+
+ - uuid: 5e32956b-85d4-485f-91bf-f81413c14af1
+ question: What is the default scope of the overlay network driver?
+ answers:
+ - { value: 'local', correct: false }
+ - { value: 'swarm', correct: true }
+ - { value: 'host', correct: false }
+ - { value: 'node', correct: false }
+ help: https://docs.docker.com/network/overlay/
+
+ - uuid: e7653bdf-6b26-443e-8ce3-cb23755e6a07
+ question: Which command filters Docker networks by their scope?
+ answers:
+ - { value: 'docker network ls --type swarm', correct: false }
+ - { value: 'docker network ls --filter scope=swarm', correct: true }
+ - { value: 'docker network ls --scope=swarm', correct: false }
+ - { value: 'docker network inspect --filter scope=swarm', correct: false }
+ help: https://docs.docker.com/engine/reference/commandline/network_ls/#filter
+
+ - uuid: b0b3fbbd-ac70-4636-998c-6c093bfe3c04
+ question: Which statement about cross-host container networking in Docker is correct?
+ answers:
+ - { value: 'Bridge networks can span multiple Docker hosts when Swarm mode is enabled', correct: false }
+ - { value: 'Overlay networks enable containers on different Docker hosts to communicate as if they are on the same network', correct: true }
+ - { value: 'Host network mode allows containers on separate hosts to share the same network namespace', correct: false }
+ - { value: 'Cross-host networking requires configuring macvlan on every node', correct: false }
+ help: https://docs.docker.com/network/overlay/
+
+ - uuid: dbacd0c0-25c9-4439-871d-9c9ab5e3b2ad
+ question: A network created with the bridge driver on a single Docker host is visible only on that host. What does this characteristic describe?
+ answers:
+ - { value: 'Network isolation', correct: false }
+ - { value: 'Network encryption', correct: false }
+ - { value: 'Local scope', correct: true }
+ - { value: 'Ingress mode', correct: false }
+ help: https://docs.docker.com/network/#network-drivers
diff --git a/data/4_Networking/network_troubleshooting_advanced.yaml b/data/4_Networking/network_troubleshooting_advanced.yaml
new file mode 100644
index 0000000..b3a92c3
--- /dev/null
+++ b/data/4_Networking/network_troubleshooting_advanced.yaml
@@ -0,0 +1,72 @@
+questions:
+ - uuid: 1efe5950-3f81-461a-b845-95fbd471ffb9
+ question: Which command displays detailed information about a Docker network, including connected containers and their IP addresses?
+ answers:
+ - { value: 'docker network show my-network', correct: false }
+ - { value: 'docker network inspect my-network', correct: true }
+ - { value: 'docker network status my-network', correct: false }
+ - { value: 'docker info --network my-network', correct: false }
+ help: https://docs.docker.com/engine/reference/commandline/network_inspect/
+
+ - uuid: b304ad31-58f5-4a7e-9a82-406680fa726d
+ question: How can you run a network diagnostic command such as ping inside a running container?
+ answers:
+ - { value: 'docker attach ping ', correct: false }
+ - { value: 'docker exec ping ', correct: true }
+ - { value: 'docker run --net=container: ping ', correct: false }
+ - { value: 'docker network ping ', correct: false }
+ help: https://docs.docker.com/engine/reference/commandline/exec/
+
+ - uuid: 8c7106ec-edf5-4422-8c58-43d02c231259
+ question: What is the purpose of using nsenter when troubleshooting Docker network issues?
+ answers:
+ - { value: 'It creates a new network namespace for a container', correct: false }
+ - { value: 'It allows you to enter the network namespace of a container from the host to run diagnostic tools', correct: true }
+ - { value: 'It encrypts network traffic entering a container namespace', correct: false }
+ - { value: 'It maps container ports to host ports dynamically', correct: false }
+ help: https://docs.docker.com/engine/network/tutorials/standalone/
+
+ - uuid: 28a23f97-5485-4e77-8a20-511fd1d26e4c
+ question: Which iptables chain does Docker primarily use to handle NAT for container traffic leaving the host?
+ answers:
+ - { value: 'INPUT', correct: false }
+ - { value: 'FORWARD', correct: false }
+ - { value: 'POSTROUTING in the nat table', correct: true }
+ - { value: 'OUTPUT in the filter table', correct: false }
+ help: https://docs.docker.com/network/iptables/
+
+ - uuid: 1ee0c70d-3ede-4eb5-9370-60128971879b
+ question: What does the docker port command display?
+ answers:
+ - { value: 'All open ports on the Docker host', correct: false }
+ - { value: "The port mappings between a container's exposed ports and the host ports they are published to", correct: true }
+ - { value: 'The list of ports blocked by Docker firewall rules', correct: false }
+ - { value: 'The internal ports used by the Docker daemon', correct: false }
+ help: https://docs.docker.com/engine/reference/commandline/port/
+
+ - uuid: 4f2757aa-096a-4f69-bdde-88aa00c44643
+ question: How can you capture network traffic inside a Docker container for troubleshooting purposes?
+ answers:
+ - { value: 'docker logs --tcpdump ', correct: false }
+ - { value: 'docker network capture ', correct: false }
+ - { value: 'Run tcpdump inside the container using docker exec, provided tcpdump is installed in the container image', correct: true }
+ - { value: 'Use docker inspect --packet-trace ', correct: false }
+ help: https://docs.docker.com/engine/network/tutorials/standalone/
+
+ - uuid: c7eb31f8-5bc2-4d9a-8ae1-3fab6c4d7ef9
+ question: A container cannot reach external services on the internet. Which of the following should you check first?
+ answers:
+ - { value: 'Whether the container has a volume mounted', correct: false }
+ - { value: 'Whether the Docker image was pulled from a private registry', correct: false }
+ - { value: "Whether the container's network has a proper gateway and the host iptables rules allow forwarding", correct: true }
+ - { value: 'Whether the container is running in privileged mode', correct: false }
+ help: https://docs.docker.com/network/iptables/
+
+ - uuid: d8fc42a9-6cd3-4e0b-9bf2-4abc7d5e8fa0
+ question: Which docker network inspect format expression retrieves the subnet of a Docker network?
+ answers:
+ - { value: "docker network inspect --format '{{.Options.Subnet}}' my-network", correct: false }
+ - { value: "docker network inspect --format '{{range .IPAM.Config}}{{.Subnet}}{{end}}' my-network", correct: true }
+ - { value: "docker network inspect --format '{{.NetworkSettings.Subnet}}' my-network", correct: false }
+ - { value: "docker network inspect --format '{{.Config.IPAM.Subnet}}' my-network", correct: false }
+ help: https://docs.docker.com/engine/reference/commandline/network_inspect/