Amazon Amazon Certifications DOP-C02 Questions & Answers

• Question 351:

  What is AWS CloudTrail Processing Library?

  A. A static library with CloudTrail log files in a movable format machine code that is directly executable

  B. An object library with CloudTrail log files in a movable format machine code that is usually not directly executable

  C. A Java library that makes it easy to build an application that reads and processes CloudTrail log files

  D. A PHP library that renders various generic containers needed for CloudTrail log files

  Correct Answer: C

  AWS CloudTrail Processing Library is a Java library that makes it easy to build an application that reads and processes CloudTrail log files. You can download CloudTrail Processing Library from GitHub.

  Reference: http://aws.amazon.com/cloudtrail/faqs/

• Question 352:

  Using the AWS CLI, which command retrieves CloudTrail trail settings, including the status of the trail itself?

  A. aws cloudtrail return-trails

  B. aws cloudtrail validate-settings

  C. aws cloudtrail get-settings

  D. aws cloudtrail describe-trails

  Correct Answer: D

  You can retrieve trail settings and status using the cloudtrail describe-trails command. It will generate output similar to the example below.

  

  Reference: http://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-create-and-update-a-trailby-using-the-aws-cli.htm

• Question 353:

  Which services can be used as optional components of setting up a new Trail in CloudTrail?

  A. KMS, SNS and SES

  B. CloudWatch, S3 and SNS

  C. KMS, Cloudwatch and SNS

  D. KMS, S3 and CloudWatch

  Correct Answer: C

  Key Management Service: The use of AWS KMS is an optional element of CloudTrail, but it allows additional encryption to be added to your Log files when stored on S3 Simple Notification Service: Amazon SNS is also an optional component for CloudTrail, but it allows for you to create notifications, for example when a new log file is delivered to S3 SNS could notify someone or a team via an e-mail. Or it could be used in conjunction with CloudWatch when metric thresholds have been reached. CloudWatch Logs: Again, this is another optional component, but AWS CloudTrail allows you to deliver its logs to AWS Cloudwatch Logs as well as S3 for specific monitoring metrics to take place.

  Reference: https://cloudacademy.com/amazon-web-services/aws-cloudtrail-introduction-course/how-doesaws-cloudtrail-work.html

• Question 354:

  What does the Docker network docker_gwbridge do?

  A. allows communication between containers on the same host

  B. allows communication between swarm nodes on different hosts

  C. allows communication between swarm nodes on the same host

  D. allows communication between containers on the different hosts

  Correct Answer: B

  The docker_gwbridge is a local bridge network which is automatically created by Docker in two different circumstances: When you initialize or join a swarm, Docker creates the docker_gwbridge network and uses it for communication among swarm nodes on different hosts. When none of a container's networks can provide external connectivity, Docker connects the container to the docker_gwbridge network in addition to the container's other networks, so that the container can connect to external networks or other swarm nodes.

  Reference: https://docs.docker.com/engine/userguide/networking/#the-docker_gwbridge-network

• Question 355:

  What is the only layer in a Docker image that is not read-only?

  A. they are all read-only

  B. none are read-only

  C. the first layer

  D. the last layer

  Correct Answer: D

  A Docker image is built up from a series of layers. Each layer represents an instruction in the image's Dockerfile. Each layer except the very last one is read-only.

  Reference: https://docs.docker.com/engine/userguide/storagedriver/imagesandcontainers/#images-andlayers

• Question 356:

  When building a Docker image, you are searching through a persistent data volume's logs to provide parameters for the next build. You execute the following command. Which of the operations will cause a failure of the Docker RUNcommand? RUN cat ./data/log/*.error | grep service_status | grep ERROR

  A. the first grep command

  B. any one of them

  C. the second grep command

  D. the cat command

  Correct Answer: C

  Some RUN commands depend on the ability to pipe the output of one command into another, using the pipe character (|), as in the following example:

  RUN wget -O - https://some.site | wc -l > /number

  Docker executes these commands using the /bin/sh -c interpreter, which only evaluates the exit code of the last operation in the pipe to determine success. In the example above this build step succeeds and produces a new image so long as

  the wc -lcommand succeeds, even if the wget command fails.

  Reference:

  https://docs.docker.com/engine/userguide/eng-image/dockerfile_best-practices/#run

• Question 357:

  What flag would you use to limit a Docker container's memory usage to 128 megabytes?

  A. -memory 128m

  B. -m 128m

  C. --memory-reservation 128m

  D. -m 128MB

  Correct Answer: B

  Docker can enforce hard memory limits, which allow the container to use no more than a given amount of user or system memory, or soft limits, which allow the container to use as much memory as it needs unless certain conditions are met,

  such as when the kernel detects low memory or contention on the host machine. Some of these options have different effects when used alone or when more than one option is set. Most of these options take a positive integer, followed by a

  suffix of b, k, m, g, to indicate bytes, kilobytes, megabytes, or gigabytes.

  Option -m or --memory=

  Description The maximum amount of memory the container can use. If you set this option, the minimum allowed value is 4m (4 megabyte).

  Reference:

  https://docs.docker.com/engine/admin/resource_constraints/#memory

• Question 358:

  Which of the following is NOT an advantage of Docker's content addressable storage model?

  A. random UUIDs improve filesystem performance

  B. improved security

  C. guarantees data integrity after push, pull, load, and save operations

  D. avoids content ID collisions

  Correct Answer: A

  Docker 1.10 introduced a new content addressable storage model. This is a completely new way to address image and layer data on disk. Previously, image and layer data was referenced and stored using a randomly generated UUID. In the new model this is replaced by a secure content hash. The new model improves security, provides a built-in way to avoid ID collisions, and guarantees data integrity after pull, push, load, and save operations. It also enables better sharing of layers by allowing many images to freely share their layers even if they did not come from the same build.

  Reference: https://docs.docker.com/engine/userguide/storagedriver/imagesandcontainers/#contentaddressable-storage

• Question 359:

  When deploying to a Docker swarm, which section of the docker-compose file defines configuration related to the deployment and running of services?

  A. services

  B. build

  C. deploy

  D. args

  Correct Answer: C

  Specify configuration related to the deployment and running of services. This only takes effect when deploying to a swarm withdocker stack deploy, and is ignored by docker-compose up and docker-compose run.

  Reference: https://docs.docker.com/compose/compose-file/#deploy

• Question 360:

  You are running a Docker daemon on a Linux host and it becomes unresponsive. Which signal, when sent to a Docker process with the kill command, forces the full stack trace to be logged for debugging purposes?

  A. -TRACE

  B. -IOTRACE

  C. -SIGUSER1

  D. -KILLTRACE

  Correct Answer: C

  If the daemon is unresponsive, you can force a full stack trace to be logged by sending a SIGUSR1 signal to the daemon.

  Linux:

  $ sudo kill -SIGUSR1 $(pidof dockerd)

  Windows Server:

  Download docker-signal.

  Run the executable with the flag --pid=.

  Reference:

  https://docs.docker.com/engine/admin/#force-a-stack-trace-to-be-logged