DCA Exam Dumps - Docker Certified Associate Questions and Answers

= Keeping a backup copy of the image on another repository is not how a user can prevent an image, such as ‘nginx:latest’, from being overwritten by another user with push access to the repository. This approach does not prevent the original image from being overwritten, it only provides a way to restore it from another source. However, this may not be reliable or efficient, as the backup repository may not be in sync with the original one, or may not be accessible at all times. To prevent an image from being overwritten by another user, the user can use the DTR web UI to make the tag immutable1. This feature allows the user to lock a specific tag, so that no one can push a new image with the same tag to the repository. This ensures that the image is always consistent and secure1. References:

• Make a tag immutable | Docker Docs

Image role-based access control is not a function of UCP. UCP has its own built-in authentication mechanism and integrates with LDAP services. It also has role-based access control (RBAC), so that you can control who can access and make changes to your cluster and applications1. However, image role-based access control is a feature of Docker Trusted Registry (DTR), which integrates with UCP and allows you to manage the images you use for your applications2. DTR lets you define granular permissions for images, such as who can push, pull, delete, or scan them3. References: Universal Control Plane overview), Docker Trusted Registry overview), Docker Access Control)

 Docker Content Trust (DCT) is a feature that allows users to verify the integrity and publisher of container images they pull or deploy from a registry server, signed on a Notary server12. DCT does not verify or encrypt the Docker registry TLS, which is a separate mechanism for securing the communication between the Docker client and the registry server. The purpose of DCT is to ensure that the images are not tampered with or maliciously modified by anyone other than the original publisher3. References:

• Content trust in Docker | Docker Docs
• Docker Content Trust: What It Is and How It Secures Container Images
• Automation with content trust | Docker Docs

 Better caching when building Docker images is an advantage of multi-stage builds. Multi-stage builds allow you to use multiple FROM statements in your Dockerfile, each starting a new stage of the build1. This can help you improve the caching efficiency of your Docker images, as each stage can use its own cache layer2. For example, if you have a stage that installs dependencies and another stage that compiles your code, you can reuse the cached layer of the dependencies stage if they don’t change, and only rebuild the code stage if it changes2. This can save you time and bandwidth when building and pushing your images. References:

• Multi-stage builds | Docker Docs
• What Are Multi-Stage Docker Builds? - How-To Geek