CertGrid
Docker Certification

DCA: Docker Certified Associate Practice Exam

Validates expertise in Docker containerization including orchestration, image management, networking, security, and storage.

Practice 462 exam-style DCA questions with full answer explanations, then take timed mock exams that score like the real thing.

Start practicing free Sign in
462
Practice questions
55
On the real exam
650
Passing score
90 min
Exam length

What the DCA exam covers

Free DCA sample questions

A sample of 10 questions with answers and explanations. Sign up free to practice all 462.

  1. Question 1Orchestration

    Which command is used to initialize a Docker Swarm cluster on a manager node?

    • Adocker swarm initCorrect
    • Bdocker node init
    • Cdocker swarm create
    • Ddocker cluster init
    ✓ Correct answer: A

    The 'docker swarm init' command is the proper initialization command that configures the current node as a Swarm manager and establishes the manager certificate. It generates the initial manager token and worker join tokens, setting up the foundational Swarm cluster infrastructure. This command must be executed once on the first manager node before any additional nodes can join the cluster.

    Why the other options are wrong
    • Bdocker node init is incorrect because 'docker node' commands manage existing nodes in a cluster, not initialize the Swarm cluster itself; there is no 'node init' subcommand in Docker.
    • Cdocker swarm create is incorrect because the proper subcommand is 'init' not 'create'; Docker does not use 'swarm create' for cluster initialization.
    • Ddocker cluster init is incorrect because Docker uses 'swarm' terminology and not 'cluster' in its command structure for manager node initialization.
  2. Question 2Orchestration

    An engineer runs 'docker service ls' and sees a service with 0/3 replicas. Which command should they use first to investigate the issue?

    • Adocker service ps <service_name>Correct
    • Bdocker service inspect <service_name>
    • Cdocker service logs <service_name>
    • Ddocker node ls
    ✓ Correct answer: A

    This is the correct answer based on Docker Swarm specifications and best practices. The answer directly addresses the technical requirement stated in the question. Understanding this concept is essential for managing containerized applications in Swarm mode.

    Why the other options are wrong
    • Bdocker service inspect <service_name> is incorrect because it does not properly address the requirement or uses incorrect Docker syntax and terminology.
    • Cdocker service logs <service_name> is incorrect because it does not properly address the requirement or uses incorrect Docker syntax and terminology.
    • Ddocker node ls is incorrect because it does not properly address the requirement or uses incorrect Docker syntax and terminology.
  3. Question 3Image Creation, Management, and Registry

    What happens when you push an image to Docker Hub without specifying a tag?

    • AThe push operation fails
    • BThe image is pushed with the 'latest' tagCorrect
    • CAll tags for that image are pushed
    • DThe image is pushed without any tag
    ✓ Correct answer: B

    This is the correct answer based on Docker Swarm specifications and best practices. The answer directly addresses the technical requirement stated in the question. Understanding this concept is essential for managing containerized applications in Swarm mode.

    Why the other options are wrong
    • AThe push operation fails is incorrect because it does not properly address the requirement or uses incorrect Docker syntax and terminology.
    • CAll tags for that image are pushed is incorrect because it does not properly address the requirement or uses incorrect Docker syntax and terminology.
    • DThe image is pushed without any tag is incorrect because it does not properly address the requirement or uses incorrect Docker syntax and terminology.
  4. Question 4Image Creation, Management, and RegistrySelect all that apply

    Which TWO of the following Dockerfile instructions create new layers in the final image?

    • AUN apt-get update && apt-get install -y nginxCorrect
    • BXPOSE 8080
    • CABEL maintainer="admin@example.com"
    • DOPY requirements.txt /app/Correct
    • ENV APP_VERSION=1.0
    ✓ Correct answer: A, D

    These are the correct answers based on Docker Swarm specifications. Both answers are technically accurate and represent valid Docker Swarm features or commands. Understanding both concepts is essential for comprehensive Swarm cluster management.

    Why the other options are wrong
    • BXPOSE 8080 is incorrect because it does not meet the technical requirements or represents invalid Docker Swarm syntax or features.
    • CABEL maintainer="admin@example.com" is incorrect because it does not meet the technical requirements or represents invalid Docker Swarm syntax or features.
    • ENV APP_VERSION=1.0 is incorrect because it does not meet the technical requirements or represents invalid Docker Swarm syntax or features.
  5. Question 5Image Creation, Management, and Registry

    An engineer needs to understand the size contribution of each layer in a Docker image to optimize it. Which command provides this information?

    • Adocker image inspect myimage
    • Bdocker image ls myimage
    • Cdocker image history myimageCorrect
    • Ddocker image diff myimage
    ✓ Correct answer: C

    This is the correct answer based on Docker Swarm specifications and best practices. The answer directly addresses the technical requirement stated in the question. Understanding this concept is essential for managing containerized applications in Swarm mode.

    Why the other options are wrong
    • Adocker image inspect myimage is incorrect because it does not properly address the requirement or uses incorrect Docker syntax and terminology.
    • Bdocker image ls myimage is incorrect because it does not properly address the requirement or uses incorrect Docker syntax and terminology.
    • Ddocker image diff myimage is incorrect because it does not properly address the requirement or uses incorrect Docker syntax and terminology.
  6. Question 6Installation and Configuration

    Which logging driver does Docker use by default?

    • Ajson-fileCorrect
    • BFluentd
    • Cjournald
    • Dsyslog
    ✓ Correct answer: A

    This is the correct answer based on Docker Swarm specifications and best practices. The answer directly addresses the technical requirement stated in the question. Understanding this concept is essential for managing containerized applications in Swarm mode.

    Why the other options are wrong
    • BFluentd is incorrect because it does not properly address the requirement or uses incorrect Docker syntax and terminology.
    • Cjournald is incorrect because it does not properly address the requirement or uses incorrect Docker syntax and terminology.
    • Dsyslog is incorrect because it does not properly address the requirement or uses incorrect Docker syntax and terminology.
  7. Question 7Installation and Configuration

    Which Linux kernel feature does Docker use to limit the CPU, memory, and I/O resources available to a container?

    • AControl groups (cgroups)Correct
    • BAppArmor
    • CNamespaces
    • DSELinux
    ✓ Correct answer: A

    This is the correct answer based on Docker Swarm specifications and best practices. The answer directly addresses the technical requirement stated in the question. Understanding this concept is essential for managing containerized applications in Swarm mode.

    Why the other options are wrong
    • BAppArmor is incorrect because it does not properly address the requirement or uses incorrect Docker syntax and terminology.
    • CNamespaces is incorrect because it does not properly address the requirement or uses incorrect Docker syntax and terminology.
    • DSELinux is incorrect because it does not properly address the requirement or uses incorrect Docker syntax and terminology.
  8. Question 8Installation and ConfigurationSelect all that apply

    Which of the following are valid methods to configure the Docker daemon? (Select TWO)

    • ASetting environment variables prefixed with DOCKER_DAEMON_
    • BModifying the /etc/docker/config.json file
    • CPassing flags to the dockerd commandCorrect
    • DEditing the /etc/docker/daemon.json fileCorrect
    ✓ Correct answer: C, D

    These are the correct answers based on Docker Swarm specifications. Both answers are technically accurate and represent valid Docker Swarm features or commands. Understanding both concepts is essential for comprehensive Swarm cluster management.

    Why the other options are wrong
    • ASetting environment variables prefixed with DOCKER_DAEMON_ is incorrect because it does not meet the technical requirements or represents invalid Docker Swarm syntax or features.
    • Bmodifying the /etc/docker/config.json file is incorrect because it does not meet the technical requirements or represents invalid Docker Swarm syntax or features.
  9. Question 9Installation and Configuration

    An organization requires all Docker images to be pulled exclusively from their private registry (registry.internal.com) and wants to block pulls from Docker Hub. Which daemon configuration option supports this requirement?

    • AUse a network firewall to block outbound connections to Docker Hub and configure registry mirrorsCorrect
    • BConfigure 'blocked-registries' to block Docker Hub in daemon.json
    • CSet 'default-registry' to registry.internal.com in daemon.json
    • DConfigure 'allow-nondistributable-artifacts' in daemon.json
    ✓ Correct answer: A

    This is the correct answer based on Docker Swarm specifications and best practices. The answer directly addresses the technical requirement stated in the question. Understanding this concept is essential for managing containerized applications in Swarm mode.

    Why the other options are wrong
    • BConfigure 'blocked-registries' to block Docker Hub in daemon.json is incorrect because it does not properly address the requirement or uses incorrect Docker syntax and terminology.
    • CSet 'default-registry' to registry.internal.com in daemon.json is incorrect because it does not properly address the requirement or uses incorrect Docker syntax and terminology.
    • DConfigure 'allow-nondistributable-artifacts' in daemon.json is incorrect because it does not properly address the requirement or uses incorrect Docker syntax and terminology.
  10. Question 10SecuritySelect all that apply

    Which of the following are Linux kernel security features that Docker leverages to protect containers? (Select TWO)

    • ASSH tunneling
    • Bseccomp profilesCorrect
    • CAppArmor or SELinuxCorrect
    • DTLS certificates
    ✓ Correct answer: B, C

    Docker leverages seccomp (Secure Computing Mode) profiles to restrict the system calls that containers can make, blocking approximately 44 dangerous syscalls by default. Docker also uses mandatory access control systems like AppArmor (on Ubuntu/Debian) or SELinux (on RHEL/CentOS) to confine container processes with predefined security policies that limit file access, network operations, and other kernel interactions. Both of these are Linux kernel security features that provide defense-in-depth for container isolation.

    Why the other options are wrong
    • ASSH tunneling is incorrect because SSH tunneling is an application-level encrypted communication protocol, not a Linux kernel security feature; Docker does not use SSH tunneling as a container security mechanism.
    • DTLS certificates is incorrect because TLS certificates are used for transport-layer encryption and authentication between Docker components (client-daemon, node-to-node), not as a Linux kernel security feature for container isolation.
Unlock all 462 DCA questions

DCA practice exam FAQ

How many questions are in the DCA practice exam on CertGrid?

CertGrid has 462 practice questions for DCA: Docker Certified Associate, covering 6 exam domains. The real DCA exam has about 55 questions.

What is the passing score for DCA?

The DCA exam passing score is 650, and you have about 90 minutes to complete it. CertGrid scores your practice attempts the same way so you know when you are ready.

Are these official DCA exam questions?

No. CertGrid is an independent practice platform. Questions are written to mirror the style and concepts of DCA: Docker Certified Associate, with full explanations, but they are not official or copied vendor exam items. They are original practice questions designed to help you genuinely learn the material.

Can I practice DCA for free?

Yes. You can start practicing DCA: Docker Certified Associate for free with daily practice and sample questions. Paid plans unlock full timed exams, complete explanations, and domain analytics.