diff --git a/README.md b/README.md index 2bafb89..9971c46 100644 --- a/README.md +++ b/README.md @@ -83,21 +83,21 @@ The goal is to help candidates: * [Describe and demonstrate how to use certificate-based client-server authentication to ensure a Docker daemon has the rights to access images on a registry.](data/3_installation_and_configuration/cert_based_auth_registry.yaml) * [Describe the use of namespaces, cgroups, and certificate configuration.](data/3_installation_and_configuration/describe_namespaces_cgroups_certificates.yaml) * [Describe and interpret errors to troubleshoot installation issues without assistance.](data/3_installation_and_configuration/install_troubleshooting.yaml) -* [Describe and demonstrate the steps to deploy the Docker engine, UCP, and DTR on AWS and on-premises in an HA configuration.](data/3_installation_and_configuration/deploy_ucp_dtr_ha.yaml) -* [Describe and demonstrate how to configure backups for UCP and DTR.](data/3_installation_and_configuration/backup_ucp_dtr.yaml) +* [Describe and demonstrate the steps to deploy the Docker engine, UCP (now MKE), and DTR (now MSR) on AWS and on-premises in an HA configuration.](data/3_installation_and_configuration/deploy_ucp_dtr_ha.yaml) +* [Describe and demonstrate how to configure backups for UCP (now MKE) and DTR (now MSR).](data/3_installation_and_configuration/backup_ucp_dtr.yaml) ### Domain 4: Networking (15% of exam) * [Describe the Container Network Model and how it interfaces with the Docker engine and network and IPAM drivers.](data/4_Networking/container_network_model.yaml) * [Describe the different types and use cases for the built-in network drivers.](data/4_Networking/describe_different_types_use_cases_built_in_network_drivers.yaml) -* [Describe the types of traffic that flow between the Docker engine, registry and UCP controllers.](data/4_Networking/describe_engine_registry_ucp_traffic.yaml) +* [Describe the types of traffic that flow between the Docker engine, registry and UCP (now MKE) controllers.](data/4_Networking/describe_engine_registry_ucp_traffic.yaml) * [Describe and demonstrate how to create a Docker bridge network for developers to use for their containers.](data/4_Networking/bridge_network_create.yaml) * [Describe and demonstrate how to publish a port so that an application is accessible externally.](data/4_Networking/describe_demonstrate_publish_port_application_accessible_externally.yaml) * [Identify which IP and port a container is externally accessible on.](data/4_Networking/identify_container_ip_port.yaml) * [Compare and contrast “host” and “ingress” publishing modes.](data/4_Networking/compare_contrast_host_ingress_publishing_modes.yaml) * [Describe and demonstrate how to configure Docker to use external DNS.](data/4_Networking/configure_external_dns.yaml) -* [Describe and demonstrate how to use Docker to load balance HTTP/HTTPs traffic to an application (Configure L7 load balancing with Docker EE)](data/4_Networking/http_https_load_balancing.yaml). -* [Understand and describe the types of traffic that flow between the Docker engine, registry, and UCP controllers](data/4_Networking/understand_engine_registry_ucp_traffic.yaml) +* [Describe and demonstrate how to use Docker to load balance HTTP/HTTPs traffic to an application (Configure L7 load balancing with Docker Enterprise)](data/4_Networking/http_https_load_balancing.yaml). +* [Understand and describe the types of traffic that flow between the Docker engine, registry, and UCP (now MKE) controllers](data/4_Networking/understand_engine_registry_ucp_traffic.yaml) * [Describe and demonstrate how to deploy a service on a Docker overlay network.](data/4_Networking/deploy_overlay_service.yaml) * [Describe and demonstrate how to troubleshoot container and engine logs to resolve connectivity issues between containers.](data/4_Networking/troubleshoot_container_connectivity.yaml) * [Describe how to route traffic to Kubernetes pods using ClusterIP and NodePort services.](data/4_Networking/k8s_clusterip_nodeport.yaml) @@ -111,13 +111,13 @@ The goal is to help candidates: * [Describe swarm default security.](data/5_Security/swarm_default_security.yaml) * [Describe MTLS.](data/5_Security/describe_mtls.yaml) * [Describe identity roles.](data/5_Security/security_identity_roles.yaml) -* [Compare and contrast UCP workers and managers.](data/5_Security/compare_contrast_ucp_workers_managers.yaml) -* [Describe the process to use external certificates with UCP and DTR.](data/5_Security/external_certs_ucp_dtr.yaml) +* [Compare and contrast UCP (now MKE) workers and managers.](data/5_Security/compare_contrast_ucp_workers_managers.yaml) +* [Describe the process to use external certificates with UCP (now MKE) and DTR (now MSR).](data/5_Security/external_certs_ucp_dtr.yaml) * [Describe and demonstrate that an image passes a security scan.](data/5_Security/image_security_scan.yaml) * [Describe and demonstrate how to enable Docker Content Trust.](data/5_Security/describe_demonstrate_how_enable_docker_content_trust.yaml) -* [Describe and demonstrate how to configure RBAC with UCP.](data/5_Security/ucp_rbac_config.yaml) -* [Describe and demonstrate how to integrate UCP with LDAP/AD.](data/5_Security/ucp_ldap_ad_integration.yaml) -* [Describe and demonstrate how to create UCP client bundles.](data/5_Security/ucp_client_bundle.yaml) +* [Describe and demonstrate how to configure RBAC with UCP (now MKE).](data/5_Security/ucp_rbac_config.yaml) +* [Describe and demonstrate how to integrate UCP (now MKE) with LDAP/AD.](data/5_Security/ucp_ldap_ad_integration.yaml) +* [Describe and demonstrate how to create UCP (now MKE) client bundles.](data/5_Security/ucp_client_bundle.yaml) * [Describe Docker Bench for Security.](data/5_Security/docker_bench_security.yaml) * [Describe seccomp profiles.](data/5_Security/seccomp_profiles.yaml) * [Describe AppArmor and SELinux with Docker.](data/5_Security/apparmor_selinux.yaml) @@ -131,7 +131,7 @@ The goal is to help candidates: * [Compare and contrast object and block storage and when they should be used.](data/6_storage_and_volumes/contrast_object.yaml) * [Describe how an application is composed of layers and where these layers reside on the filesystem.](data/6_storage_and_volumes/layers_filesystem.yaml) * [Describe the use of volumes with Docker for persistent storage.](data/6_storage_and_volumes/persistent_storage.yaml) -* [Identify the steps to take to clean up unused images on a filesystem and DTR.](data/6_storage_and_volumes/unused_images.yaml) +* [Identify the steps to take to clean up unused images on a filesystem and DTR (now MSR).](data/6_storage_and_volumes/unused_images.yaml) * [Describe and demonstrate how storage can be used across cluster nodes.](data/6_storage_and_volumes/volume_cluster.yaml) * [Describe how to provision persistent storage to a Kubernetes pod using persistentVolumes.](data/6_storage_and_volumes/persistent_volumes.yaml) * [Describe the relationship between container storage interface drivers, storageClass, persistentVolumeClaim and volume objects in Kubernetes.](data/6_storage_and_volumes/relationship_storage_volume.yaml) @@ -154,7 +154,7 @@ Contributions are welcome! You can: * This is a community-driven, unofficial project. * It is not sponsored or endorsed by Docker Inc. or Mirantis. -* All trademarks such as “Docker”, “Mirantis”, “DTR”, and “UCP” are used only as references and remain the property of their respective owners. +* All trademarks such as "Docker", "Mirantis", "DTR" (now MSR), "UCP" (now MKE), "MKE", and "MSR" are used only as references and remain the property of their respective owners. * This repository contains only original content, created under fair use for educational purposes. * Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries. Docker, Inc. and other parties may also hold trademark rights to other terms used in this document. diff --git a/data/3_installation_and_configuration/backup_ucp_dtr.yaml b/data/3_installation_and_configuration/backup_ucp_dtr.yaml index 8e9b55f..24978ae 100644 --- a/data/3_installation_and_configuration/backup_ucp_dtr.yaml +++ b/data/3_installation_and_configuration/backup_ucp_dtr.yaml @@ -1,6 +1,6 @@ questions: - uuid: 2fd05cc9-0e15-4ac4-ae3b-9a49ac0380f6 - question: Which command allows you to back up UCP data? + question: Which command allows you to back up UCP (now MKE) data? answers: - { value: 'docker swarm backup', correct: false } - { value: 'docker ucp export', correct: false } @@ -9,7 +9,7 @@ questions: help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/backup-restore.html - uuid: 0b122010-4d64-44ff-8153-f33c3dc3e2f0 - question: What must be done before performing a UCP restore? + question: What must be done before performing a UCP (now MKE) restore? answers: - { value: 'Stop the Docker service on the target node', correct: true } - { value: 'Delete all volumes', correct: false } @@ -18,7 +18,7 @@ questions: help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/backup-restore.html#restore - uuid: fdc31b03-3093-4638-a77f-ef7b11860d88 - question: Which command allows you to back up a DTR instance? + question: Which command allows you to back up a DTR (now MSR) instance? answers: - { value: 'docker registry save', correct: false } - { value: 'docker dtr snapshot', correct: false } @@ -27,7 +27,7 @@ questions: help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/dtr/backup-restore.html - uuid: fdbb11c1-6f7c-4e93-b487-c4ecdb6f315c - question: Which command is used to restore a DTR backup? + question: Which command is used to restore a DTR (now MSR) backup? answers: - { value: 'docker container exec dtr restore backup.tar', correct: false } - { value: 'docker dtr load backup.tar', correct: false } @@ -36,16 +36,16 @@ questions: help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/dtr/backup-restore.html - uuid: 7b313274-0072-41a0-bd16-170c8672c845 - question: What is essential for a DTR restore to work correctly? + question: What is essential for a DTR (now MSR) restore to work correctly? answers: - { value: 'Have Docker Desktop installed', correct: false } - { value: 'Use only port 2376', correct: false } - { value: 'Be connected to the Internet', correct: false } - - { value: 'Use the same DTR version as the backup', correct: true } + - { value: 'Use the same DTR (now MSR) version as the backup', correct: true } help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/dtr/backup-restore.html#restore-backup - uuid: 38f20494-3c31-4c83-9f39-b3e0b5c6db48 - question: Where are the critical UCP data stored that must be backed up? + question: Where are the critical UCP (now MKE) data stored that must be backed up? answers: - { value: '/opt/ucp', correct: false } - { value: '/var/ucp/data', correct: false } @@ -54,7 +54,7 @@ questions: help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/backup-restore.html - uuid: 91f9d1ef-d40b-40fa-a45e-4cb95641727b - question: What is the best practice for scheduling UCP and DTR backups? + question: What is the best practice for scheduling UCP (now MKE) and DTR (now MSR) backups? answers: - { value: 'Automate the backup with scripts and store it outside the cluster', correct: true } - { value: 'Perform a manual backup once a month', correct: false } @@ -63,25 +63,25 @@ questions: help: https://docs.mirantis.com/mke/3.7/ops/disaster-recovery/back-up-mke/backup-considerations.html - uuid: 65ae1827-32ec-4d6f-84ed-f41fef47135e - question: Can a full UCP cluster be restored from a single backup? + question: Can a full UCP (now MKE) cluster be restored from a single backup? answers: - { value: 'No, UCP does not support restoration', correct: false } - - { value: 'Yes, if it was taken on a UCP manager with quorum', correct: true } + - { value: 'Yes, if it was taken on a UCP (now MKE) manager with quorum', correct: true } - { value: 'Yes, but only if Swarm is disabled', correct: false } - { value: 'No, a backup of each node is required', correct: false } help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/backup-restore.html - uuid: 32590a06-2d90-4b13-8c20-6e06ac3d00e0 - question: What is a common reason for failure when restoring a DTR backup? + question: What is a common reason for failure when restoring a DTR (now MSR) backup? answers: - { value: 'Lack of Internet access', correct: false } - - { value: 'Version incompatibility between the backup and the installed DTR', correct: true } + - { value: 'Version incompatibility between the backup and the installed DTR (now MSR)', correct: true } - { value: 'DTR already in HA mode', correct: false } - { value: 'Incorrectly named volume', correct: false } help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/dtr/backup-restore.html#restore-backup - uuid: 5cf798e7-d097-4992-8b7b-36b63329207d - question: What best practice should accompany UCP/DTR backups? + question: What best practice should accompany UCP (now MKE)/DTR (now MSR) backups? answers: - { value: 'Use only local backups', correct: false } - { value: 'Disable TLS to simplify restoration', correct: false } diff --git a/data/3_installation_and_configuration/deploy_ucp_dtr_ha.yaml b/data/3_installation_and_configuration/deploy_ucp_dtr_ha.yaml index 97c867e..ff1ff94 100644 --- a/data/3_installation_and_configuration/deploy_ucp_dtr_ha.yaml +++ b/data/3_installation_and_configuration/deploy_ucp_dtr_ha.yaml @@ -1,6 +1,6 @@ questions: - uuid: 8fdbfa8e-244d-46b8-9041-c74d649bca78 - question: Which command installs UCP on an existing Docker node? + question: Which command installs UCP (now MKE) on an existing Docker node? answers: - { value: 'docker install ucp', correct: false } - { value: 'docker ucp deploy', correct: false } @@ -9,7 +9,7 @@ questions: help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/install/ - uuid: 7b11b126-0b6a-4fdf-979c-2e2d413fc3fd - question: How many manager nodes are required for an HA UCP setup with quorum? + question: How many manager nodes are required for an HA UCP (now MKE) setup with quorum? answers: - { value: '5', correct: false } - { value: '3', correct: true } @@ -18,7 +18,7 @@ questions: help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/architecture/#high-availability - uuid: 2aeebc5e-b670-42b1-a5ff-8fa7ccedfe9e - question: Which command adds a new UCP manager node to an existing cluster? + question: Which command adds a new UCP (now MKE) manager node to an existing cluster? answers: - { value: 'docker swarm join --ucp-manager', correct: false } - { value: 'docker ucp add-manager', correct: false } @@ -27,7 +27,7 @@ questions: help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/install/join-linux-nodes.html - uuid: 21ef8613-10b2-4e0f-a2f3-e2c1d1c8593f - question: Which command is recommended to install DTR on a UCP node? + question: Which command is recommended to install DTR (now MSR) on a UCP (now MKE) node? answers: - { value: 'docker dtr deploy', correct: false } - { value: 'docker registry install', correct: false } @@ -45,16 +45,16 @@ questions: help: https://docs.mirantis.com/docker-enterprise/v3.1/ucp/on-aws/ - uuid: c41396d4-17f0-4a8a-9981-1b205728c9c5 - question: What requirement is necessary to deploy DTR in HA? + question: What requirement is necessary to deploy DTR (now MSR) in HA? answers: - { value: 'A latest tag on all images', correct: false } - { value: 'Shared or replicated persistent storage', correct: true } - { value: 'Root access on all workers', correct: false } - - { value: 'A single UCP manager', correct: false } + - { value: 'A single UCP (now MKE) manager', correct: false } help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/dtr/architecture/#high-availability - uuid: 85e4de92-7298-4217-9c7c-f3e3ea8c2e84 - question: Which command checks the status of UCP services after installation? + question: Which command checks the status of UCP (now MKE) services after installation? answers: - { value: 'docker swarm status', correct: false } - { value: 'docker ucp status', correct: false } @@ -63,16 +63,16 @@ questions: help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/troubleshoot/ - uuid: e65f1c8b-fba5-434a-a1bb-b8461c1d1b2e - question: What is a good practice to balance load across UCP nodes in HA? + question: What is a good practice to balance load across UCP (now MKE) nodes in HA? answers: - { value: 'Disable TLS', correct: false } - { value: 'Use a node label', correct: false } - - { value: 'Use a load balancer in front of UCP managers', correct: true } + - { value: 'Use a load balancer in front of UCP (now MKE) managers', correct: true } - { value: 'Enable debug mode', correct: false } help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/architecture/#ucp-high-availability - uuid: e47cb7f3-ef17-4718-bbe1-6b13de8ae260 - question: Can UCP and DTR be deployed on the same nodes? + question: Can UCP (now MKE) and DTR (now MSR) be deployed on the same nodes? answers: - { value: 'No, except with Docker Desktop', correct: false } - { value: 'Yes, only on AWS', correct: false } @@ -81,7 +81,7 @@ questions: help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/dtr/install/plan-your-installation.html - uuid: cdb987f6-48b6-4f4c-9f2f-c34c1c36c837 - question: Which option allows a secondary DTR node to synchronize with a primary node? + question: Which option allows a secondary DTR (now MSR) node to synchronize with a primary node? answers: - { value: '--standby', correct: false } - { value: '--join-token', correct: false } diff --git a/data/3_installation_and_configuration/describe_sizing_requirements_for_installation.yaml b/data/3_installation_and_configuration/describe_sizing_requirements_for_installation.yaml index 252de33..e278605 100644 --- a/data/3_installation_and_configuration/describe_sizing_requirements_for_installation.yaml +++ b/data/3_installation_and_configuration/describe_sizing_requirements_for_installation.yaml @@ -1,6 +1,6 @@ questions: - uuid: 915cfc8c-72d3-46a7-9797-fc980ef2452d - question: What is the minimum recommended number of CPUs for installing Docker Universal Control Plane (UCP)? + question: What is the minimum recommended number of CPUs for installing Docker Universal Control Plane (UCP, now MKE)? answers: - { value: '4', correct: true } - { value: '1', correct: false } @@ -9,7 +9,7 @@ questions: help: https://docs.mirantis.com/mke/3.4/launchpad/lp-system-requirements.html - uuid: bbc16b4e-7291-4b64-9270-14b60c9a0d79 - question: What is the minimum amount of RAM recommended for a UCP manager node? + question: What is the minimum amount of RAM recommended for a UCP (now MKE) manager node? answers: - { value: '16 GB', correct: true } - { value: '8 GB', correct: false } @@ -27,7 +27,7 @@ questions: help: https://docs.docker.com/storage/storagedriver/overlayfs-driver/ - uuid: 67a48e29-32c3-4267-a931-c08b3cb0531b - question: For DTR (Docker Trusted Registry), what is the minimum disk space required per node? + question: For DTR (Docker Trusted Registry, now MSR), what is the minimum disk space required per node? answers: - { value: '50 GB', correct: false } - { value: '100 GB', correct: true } @@ -72,7 +72,7 @@ questions: help: https://docs.docker.com/storage/ - uuid: 05176b68-5a8b-4814-8753-ffec40440f12 - question: What is the typical port required to access UCP via a browser? + question: What is the typical port required to access UCP (now MKE) via a browser? answers: - { value: '8080', correct: false } - { value: '443', correct: true } diff --git a/data/3_installation_and_configuration/hub_users_teams.yaml b/data/3_installation_and_configuration/hub_users_teams.yaml index 56a6b16..76133cb 100644 --- a/data/3_installation_and_configuration/hub_users_teams.yaml +++ b/data/3_installation_and_configuration/hub_users_teams.yaml @@ -22,7 +22,7 @@ questions: answers: - { value: 'Yes, but only with a paid account', correct: false } - { value: 'No, a user is tied to only one organization', correct: false } - - { value: 'No, except with Docker Enterprise', correct: false } + - { value: 'No, except with Docker Enterprise (now Mirantis)', correct: false } - { value: 'Yes', correct: true } help: https://docs.docker.com/docker-hub/orgs/ diff --git a/data/4_Networking/describe_engine_registry_ucp_traffic.yaml b/data/4_Networking/describe_engine_registry_ucp_traffic.yaml index 4a47b7d..bc7b49f 100644 --- a/data/4_Networking/describe_engine_registry_ucp_traffic.yaml +++ b/data/4_Networking/describe_engine_registry_ucp_traffic.yaml @@ -9,7 +9,7 @@ questions: help: https://docs.docker.com/registry/spec/api/ - uuid: d593dd0b-20d6-4c81-a4b4-63d234b99bce - question: Which port is typically used for secure traffic between UCP controllers and Docker engines? + question: Which port is typically used for secure traffic between UCP (now MKE) controllers and Docker engines? answers: - { value: '5000', correct: false } - { value: '443', correct: true } @@ -18,7 +18,7 @@ questions: help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/architecture/ucp-architecture.html - uuid: b2ea7eaf-813b-4e7f-a9ec-7819ff0f9695 - question: What kind of internal communication occurs between UCP manager nodes? + question: What kind of internal communication occurs between UCP (now MKE) manager nodes? answers: - { value: 'Raft protocol for consensus', correct: true } - { value: 'SSH command relays', correct: false } @@ -27,16 +27,16 @@ questions: help: https://docs.docker.com/engine/swarm/raft/ - uuid: 1cbf7d01-1bcd-49a4-a372-60bb524a1aa7 - question: Which service uses mutual TLS to authenticate communications with UCP? + question: Which service uses mutual TLS to authenticate communications with UCP (now MKE)? answers: - { value: 'Docker CLI only', correct: false } - { value: 'Docker engine', correct: true } - { value: 'External load balancer', correct: false } - - { value: 'DTR only', correct: false } + - { value: 'DTR (now MSR) only', correct: false } help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/architecture/ucp-architecture.html - uuid: 061dcd8d-255a-4cf3-8cf3-d663c34e5897 - question: How does UCP handle secure communications to its API? + question: How does UCP (now MKE) handle secure communications to its API? answers: - { value: 'By requiring clients to SSH tunnel into manager nodes', correct: false } - { value: 'By exposing a TLS-enabled HTTPS API on port 443', correct: true } diff --git a/data/4_Networking/http_https_load_balancing.yaml b/data/4_Networking/http_https_load_balancing.yaml index d2bcaaf..b0207c7 100644 --- a/data/4_Networking/http_https_load_balancing.yaml +++ b/data/4_Networking/http_https_load_balancing.yaml @@ -1,6 +1,6 @@ questions: - uuid: 4a1fc56e-2199-4a8a-a431-0b49966e1db2 - question: What built-in Docker EE feature provides Layer 7 load balancing for HTTP/HTTPS? + question: What built-in Docker Enterprise (now Mirantis) feature provides Layer 7 load balancing for HTTP/HTTPS? answers: - { value: 'Ingress overlay driver', correct: false } - { value: 'DNS round robin', correct: false } @@ -9,10 +9,10 @@ questions: help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/interlock/index.html - uuid: 9189e0aa-8e84-4dcb-8d7b-4e1c87979c5e - question: Which Docker EE component is used to automatically route traffic to services based on host or path? + question: Which Docker Enterprise (now Mirantis) component is used to automatically route traffic to services based on host or path? answers: - { value: 'Swarm Gossip Protocol', correct: false } - - { value: 'UCP routing mesh', correct: false } + - { value: 'UCP (now MKE) routing mesh', correct: false } - { value: 'Docker Daemon Proxy', correct: false } - { value: 'Interlock with NGINX', correct: true } help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/interlock/architecture.html @@ -36,7 +36,7 @@ questions: help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/interlock/configuration/service-labels.html - uuid: 9e42e5fc-3877-4e8f-84ee-22d4463d0cb4 - question: What is required on the UCP node for Interlock to terminate HTTPS traffic? + question: What is required on the UCP (now MKE) node for Interlock to terminate HTTPS traffic? answers: - { value: 'Swarm manager in leader mode only', correct: false } - { value: 'Custom iptables rules', correct: false } diff --git a/data/4_Networking/understand_engine_registry_ucp_traffic.yaml b/data/4_Networking/understand_engine_registry_ucp_traffic.yaml index 5952407..f1513c2 100644 --- a/data/4_Networking/understand_engine_registry_ucp_traffic.yaml +++ b/data/4_Networking/understand_engine_registry_ucp_traffic.yaml @@ -1,6 +1,6 @@ questions: - uuid: ed1fc470-c68e-4bc2-a370-d3ad456c6b29 - question: What traffic is used between Docker engine and DTR when pulling signed images? + question: What traffic is used between Docker engine and DTR (now MSR) when pulling signed images? answers: - { value: 'SSH with verified fingerprints', correct: false } - { value: 'DNS-over-HTTPS', correct: false } @@ -9,7 +9,7 @@ questions: help: https://docs.docker.com/engine/security/trust/ - uuid: 36802f55-cf02-4267-b5c2-40f98988292f - question: What is the main role of TLS in communications between UCP components? + question: What is the main role of TLS in communications between UCP (now MKE) components? answers: - { value: 'To enable NAT between subnets', correct: false } - { value: 'To encrypt and authenticate API and control traffic', correct: true } @@ -18,7 +18,7 @@ questions: help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/architecture/ucp-architecture.html - uuid: 81e2853a-d116-4bce-a352-623ed2a0a3f2 - question: How is traffic from the Docker CLI to UCP authenticated? + question: How is traffic from the Docker CLI to UCP (now MKE) authenticated? answers: - { value: 'By using bearer tokens stored in secrets.json', correct: false } - { value: 'Using a client bundle with certificates and keys', correct: true } @@ -27,7 +27,7 @@ questions: help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/user-access/cli-access.html - uuid: f68d7f5f-cd49-4639-bf56-d504f36a4423 - question: Which type of overlay network does UCP use for internal control traffic? + question: Which type of overlay network does UCP (now MKE) use for internal control traffic? answers: - { value: 'Plain IP forwarding', correct: false } - { value: 'Host networking with NAT', correct: false } diff --git a/data/5_Security/compare_contrast_ucp_workers_managers.yaml b/data/5_Security/compare_contrast_ucp_workers_managers.yaml index 1eff35a..a0a8f06 100644 --- a/data/5_Security/compare_contrast_ucp_workers_managers.yaml +++ b/data/5_Security/compare_contrast_ucp_workers_managers.yaml @@ -1,6 +1,6 @@ questions: - uuid: 38211d9e-34f3-4b3f-9015-c837acc741f7 - question: What is the main role of a UCP manager node? + question: What is the main role of a UCP (now MKE) manager node? answers: - { value: 'To manage the cluster state and orchestrate services', correct: true } - { value: 'To provide storage to the cluster', correct: false } @@ -9,7 +9,7 @@ questions: help: https://docs.docker.com/datacenter/ucp/2.2/guides/architecture/ - uuid: d2133e4b-8121-4b96-8b6c-e3b01e26913c - question: What is the purpose of a UCP worker node? + question: What is the purpose of a UCP (now MKE) worker node? answers: - { value: 'To run containers and services scheduled by managers', correct: true } - { value: 'To configure TLS certificates', correct: false } @@ -18,7 +18,7 @@ questions: help: https://docs.docker.com/datacenter/ucp/2.2/guides/architecture/ - uuid: 1bb29ae7-3c69-4f5e-a899-b3f2312a69cf - question: Which nodes in UCP can access the control plane? + question: Which nodes in UCP (now MKE) can access the control plane? answers: - { value: 'Manager nodes only', correct: true } - { value: 'Only nodes with secrets', correct: false } @@ -27,7 +27,7 @@ questions: help: https://docs.docker.com/datacenter/ucp/2.2/guides/architecture/ - uuid: e8ed4b37-4703-4f82-9471-ec42be7e217e - question: What happens if all UCP manager nodes fail? + question: What happens if all UCP (now MKE) manager nodes fail? answers: - { value: 'The cluster loses control plane access and cannot schedule new tasks', correct: true } - { value: 'Worker nodes promote themselves automatically', correct: false } @@ -36,7 +36,7 @@ questions: help: https://docs.docker.com/datacenter/ucp/2.2/guides/architecture/ - uuid: 54244b0b-b9fc-4b3f-887a-c75889ffbe2f - question: Which of the following best describes a UCP worker node? + question: Which of the following best describes a UCP (now MKE) worker node? answers: - { value: 'It handles volume plugins', correct: false } - { value: 'It manages access control policies', correct: false } @@ -45,7 +45,7 @@ questions: help: https://docs.docker.com/datacenter/ucp/2.2/guides/architecture/ - uuid: 5e73fd94-128d-4b2d-bd25-4bc9dcbe914f - question: How can you ensure high availability for UCP manager nodes? + question: How can you ensure high availability for UCP (now MKE) manager nodes? answers: - { value: 'Deploy all managers on the same host', correct: false } - { value: 'Run an odd number of managers distributed across hosts', correct: true } @@ -54,7 +54,7 @@ questions: help: https://docs.docker.com/datacenter/ucp/2.2/guides/architecture/ - uuid: 56b99163-baf8-4c3f-8a4b-5a31352f150c - question: Can UCP worker nodes be promoted to manager roles? + question: Can UCP (now MKE) worker nodes be promoted to manager roles? answers: - { value: 'Yes, using Docker CLI or UI', correct: true } - { value: 'Only on Kubernetes clusters', correct: false } @@ -63,7 +63,7 @@ questions: help: https://docs.docker.com/reference/cli/docker/node/promote/ - uuid: 6a314420-c878-4d32-9472-91c287c8eeed - question: Why should the number of UCP managers be odd? + question: Why should the number of UCP (now MKE) managers be odd? answers: - { value: 'To save RAM', correct: false } - { value: 'To reduce network hops', correct: false } @@ -72,7 +72,7 @@ questions: help: https://docs.docker.com/engine/swarm/raft/ - uuid: a00efea0-78b0-4f68-82aa-85993f13d2d4 - question: Which type of node has access to UCP's RBAC enforcement and API? + question: Which type of node has access to UCP''s (now MKE) RBAC enforcement and API? answers: - { value: 'All overlay networks', correct: false } - { value: 'Worker nodes', correct: false } diff --git a/data/5_Security/external_certs_ucp_dtr.yaml b/data/5_Security/external_certs_ucp_dtr.yaml index 338ae14..d14f1e0 100644 --- a/data/5_Security/external_certs_ucp_dtr.yaml +++ b/data/5_Security/external_certs_ucp_dtr.yaml @@ -1,6 +1,6 @@ questions: - uuid: b61f1b5e-d74e-432e-bc14-d1d8f58ab8c1 - question: What is the purpose of using external certificates in UCP/DTR? + question: What is the purpose of using external certificates in UCP (now MKE)/DTR (now MSR)? answers: - { value: 'Authenticate connections with certificates issued by a trusted authority', correct: true } - { value: 'Replace Docker Hub as the image source', correct: false } @@ -9,7 +9,7 @@ questions: help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/tls/external-ca.html - uuid: 72e2c462-56b4-44e9-9e88-9fa63129a548 - question: Which files are required to use an external certificate in UCP? + question: Which files are required to use an external certificate in UCP (now MKE)? answers: - { value: 'A signed image', correct: false } - { value: 'A server certificate, a private key, and a CA chain', correct: true } @@ -18,7 +18,7 @@ questions: help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/tls/external-ca.html#prerequisites - uuid: 61c27520-172b-457f-8727-b709c4f81b99 - question: Which command is used to replace existing UCP certificates? + question: Which command is used to replace existing UCP (now MKE) certificates? answers: - { value: 'docker swarm tls renew', correct: false } - { value: 'docker container run --rm -v $(pwd):/certs docker/ucp replace-certs', correct: true } @@ -27,7 +27,7 @@ questions: help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/tls/rotate-ca.html - uuid: 2833a6f3-d478-48c3-874b-8f47dc59a1fa - question: Which command configures DTR with an external CA after installation? + question: Which command configures DTR (now MSR) with an external CA after installation? answers: - { value: 'docker container exec dtr set-cert', correct: false } - { value: 'docker dtr certs reload', correct: false } @@ -36,7 +36,7 @@ questions: help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/dtr/install/use-external-ca.html - uuid: 3c0d3b9e-77e2-4ef9-bf2f-b607c12666da - question: At what point can external certificates be provided during UCP installation? + question: At what point can external certificates be provided during UCP (now MKE) installation? answers: - { value: 'Directly with the --external-server-cert option', correct: true } - { value: 'By modifying the UCP Dockerfile', correct: false } @@ -45,12 +45,12 @@ questions: help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/tls/external-ca.html#during-installation - uuid: 9c88f204-cb01-49b1-9c14-1202b765d08a - question: What happens if UCP certificates expire and are not renewed in time? + question: What happens if UCP (now MKE) certificates expire and are not renewed in time? answers: - { value: 'Swarm is automatically recreated', correct: false } - { value: 'Containers are deleted', correct: false } - - { value: 'The UCP dashboard becomes inaccessible over HTTPS', correct: true } - - { value: 'DTR switches to read-only mode', correct: false } + - { value: 'The UCP (now MKE) dashboard becomes inaccessible over HTTPS', correct: true } + - { value: 'DTR (now MSR) switches to read-only mode', correct: false } help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/tls/rotate-ca.html - uuid: 6ac7dc55-ff07-4190-aed5-10c8ef730ec8 @@ -58,21 +58,21 @@ questions: answers: - { value: 'To connect to Docker Hub', correct: false } - { value: 'So clients can validate the entire chain of trust up to the root CA', correct: true } - - { value: 'To enable UCP clustering', correct: false } + - { value: 'To enable UCP (now MKE) clustering', correct: false } - { value: 'To enable persistent volumes', correct: false } help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/tls/external-ca.html#prerequisites - uuid: 4d9e2259-c0d5-4062-91b5-0a3dbbeffcb8 - question: Can DTR TLS certificates be replaced without downtime? + question: Can DTR (now MSR) TLS certificates be replaced without downtime? answers: - { value: 'Yes, using reconfigure in rolling mode', correct: true } - - { value: 'No, DTR must be reinstalled', correct: false } + - { value: 'No, DTR (now MSR) must be reinstalled', correct: false } - { value: 'Yes, but only with Docker Desktop', correct: false } - { value: 'No, because certificates are immutable', correct: false } help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/dtr/install/use-external-ca.html#replace-existing-certificates - uuid: b7d019c6-7c9b-464c-ae0e-ec64927a0149 - question: What format must the certificates and keys provided to UCP/DTR follow? + question: What format must the certificates and keys provided to UCP (now MKE)/DTR (now MSR) follow? answers: - { value: 'PEM (base64 encoded)', correct: true } - { value: 'PKCS#11 token', correct: false } diff --git a/data/5_Security/image_security_scan.yaml b/data/5_Security/image_security_scan.yaml index 8ec4eb3..9bdfce2 100644 --- a/data/5_Security/image_security_scan.yaml +++ b/data/5_Security/image_security_scan.yaml @@ -1,15 +1,15 @@ questions: - uuid: b36df24b-b1b6-47a2-b8c1-4d0b4c98f689 - question: Which platform in Docker Enterprise allows scanning images for vulnerabilities? + question: Which platform in Docker Enterprise (now Mirantis) allows scanning images for vulnerabilities? answers: - - { value: 'UCP (Universal Control Plane)', correct: false } + - { value: 'UCP (Universal Control Plane, now MKE)', correct: false } - { value: 'Docker Hub', correct: false } - - { value: 'DTR (Docker Trusted Registry)', correct: true } + - { value: 'DTR (Docker Trusted Registry, now MSR)', correct: true } - { value: 'Docker CLI', correct: false } help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/dtr/security/scan-images.html - uuid: 3d30c8d6-bfcb-4bb5-b066-0b31633c7a2b - question: When is a security scan triggered on an image in DTR? + question: When is a security scan triggered on an image in DTR (now MSR)? answers: - { value: 'Only manually from the UI', correct: false } - { value: 'Immediately after the image is pushed', correct: true } @@ -18,7 +18,7 @@ questions: help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/dtr/security/scan-images.html#image-scanning-flow - uuid: 6e5297cf-98c5-4978-a5a2-d9b87f119038 - question: Which status in DTR indicates that an image has no critical vulnerabilities? + question: Which status in DTR (now MSR) indicates that an image has no critical vulnerabilities? answers: - { value: 'ScanPending', correct: false } - { value: 'Pass', correct: true } @@ -27,16 +27,16 @@ questions: help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/dtr/security/scan-images.html#scan-results - uuid: 51bd227f-7df8-48b4-8f90-1e88100cf037 - question: Where can the security results of an image be viewed in DTR? + question: Where can the security results of an image be viewed in DTR (now MSR)? answers: - - { value: 'In the DTR web interface under the specific image', correct: true } + - { value: 'In the DTR (now MSR) web interface under the specific image', correct: true } - { value: 'In the Swarm configuration', correct: false } - { value: 'On Docker Hub in the Security tab', correct: false } - { value: 'Using docker scan ', correct: false } help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/dtr/security/scan-images.html#scan-results - uuid: 4a4210c4-93dc-49f2-a00e-204660a0ccba - question: What type of vulnerabilities are detected by the DTR scanner? + question: What type of vulnerabilities are detected by the DTR (now MSR) scanner? answers: - { value: 'Dockerfile syntax errors', correct: false } - { value: 'Flaws in volumes', correct: false } @@ -57,13 +57,13 @@ questions: question: Is it possible to block the execution of vulnerable images using rules? answers: - { value: 'No, Docker does not offer this level of security', correct: false } - - { value: 'Yes, with admission rules in UCP', correct: true } + - { value: 'Yes, with admission rules in UCP (now MKE)', correct: true } - { value: 'Yes, but only on Docker Desktop', correct: false } - { value: 'Yes, but only via Docker Hub Pro', correct: false } help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/rbac/admission-control.html - uuid: a7e14311-5b38-4dd3-bf88-76d881e5e5bc - question: What vulnerability source is used by the DTR scanner? + question: What vulnerability source is used by the DTR (now MSR) scanner? answers: - { value: 'The NIST CVE (National Vulnerability Database)', correct: true } - { value: 'Dockerfile linting', correct: false } @@ -72,7 +72,7 @@ questions: help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/dtr/security/scan-images.html#scanner - uuid: 4dd21887-b9a0-41ae-b39e-0ef360f3c264 - question: What does the “ScanPending” status mean for an image in DTR? + question: What does the "ScanPending" status mean for an image in DTR (now MSR)? answers: - { value: 'No issues detected', correct: false } - { value: 'The scan is running or scheduled but not yet complete', correct: true } diff --git a/data/5_Security/security_identity_roles.yaml b/data/5_Security/security_identity_roles.yaml index 439bad5..73b3c29 100644 --- a/data/5_Security/security_identity_roles.yaml +++ b/data/5_Security/security_identity_roles.yaml @@ -1,6 +1,6 @@ questions: - uuid: 3aeb8d79-c346-4f29-95c7-3245ac9c7cb6 - question: In UCP, what does RBAC stand for? + question: In UCP (now MKE), what does RBAC stand for? answers: - { value: 'Role-Based Access Control', correct: true } - { value: 'Registry-Based Access Control', correct: false } @@ -9,7 +9,7 @@ questions: help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/rbac/ - uuid: 6f0a6a9e-3e91-472c-bd1c-8bdf1b179c92 - question: Which built-in RBAC role grants read-only access to UCP resources? + question: Which built-in RBAC role grants read-only access to UCP (now MKE) resources? answers: - { value: 'ViewOnly', correct: true } - { value: 'AuditRead', correct: false } @@ -27,7 +27,7 @@ questions: help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/rbac/default-roles.html - uuid: 4b4ff307-79f0-4e5a-8c87-0ae4b21b1ef4 - question: Which UCP role grants full access to resource actions? + question: Which UCP (now MKE) role grants full access to resource actions? answers: - { value: 'Operator', correct: false } - { value: 'RestrictedControl', correct: false } @@ -36,7 +36,7 @@ questions: help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/rbac/default-roles.html - uuid: 34781fc8-f57b-48e2-9b0e-4f2bbd54f5da - question: Which entity can be assigned an RBAC role in UCP? + question: Which entity can be assigned an RBAC role in UCP (now MKE)? answers: - { value: 'A container', correct: false } - { value: 'A volume', correct: false } @@ -45,7 +45,7 @@ questions: help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/rbac/manage-access.html - uuid: 05818c2f-b3c5-4dbb-939f-0ad5f98112c1 - question: What does the scope of a role in UCP define? + question: What does the scope of a role in UCP (now MKE) define? answers: - { value: 'The number of allowed actions', correct: false } - { value: 'The priority level of the role', correct: false } diff --git a/data/5_Security/ucp_client_bundle.yaml b/data/5_Security/ucp_client_bundle.yaml index b49f353..c3fc84f 100644 --- a/data/5_Security/ucp_client_bundle.yaml +++ b/data/5_Security/ucp_client_bundle.yaml @@ -1,15 +1,15 @@ questions: - uuid: 2b30bb2a-07de-44ae-835c-6b9117ab05f9 - question: What is the primary purpose of a UCP client bundle? + question: What is the primary purpose of a UCP (now MKE) client bundle? answers: - - { value: 'Connect DTR to Docker Hub', correct: false } + - { value: 'Connect DTR (now MSR) to Docker Hub', correct: false } - { value: 'Back up Docker volumes', correct: false } - - { value: 'Allow a user to connect to UCP via the Docker CLI with secure authentication', correct: true } - - { value: 'Deploy a new UCP instance', correct: false } + - { value: 'Allow a user to connect to UCP (now MKE) via the Docker CLI with secure authentication', correct: true } + - { value: 'Deploy a new UCP (now MKE) instance', correct: false } help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/user-access/create-client-bundle.html - uuid: a7c3c109-2b07-44b4-8418-7d171fc6fe95 - question: What does a UCP client bundle contain? + question: What does a UCP (now MKE) client bundle contain? answers: - { value: 'TLS certificates and Docker CLI configuration', correct: true } - { value: 'Log history', correct: false } @@ -45,12 +45,12 @@ questions: help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/user-access/create-client-bundle.html#use-client-bundle - uuid: 74e6e693-d376-486e-8d9e-79d60ce0bb0a - question: What condition must be met for a UCP user to download their client bundle? + question: What condition must be met for a UCP (now MKE) user to download their client bundle? answers: - - { value: 'Have access to DTR', correct: false } + - { value: 'Have access to DTR (now MSR)', correct: false } - { value: 'Be logged in as root', correct: false } - { value: 'Be a member of the Admin team only', correct: false } - - { value: 'Have the `Generate Client Bundle` permission in their UCP role', correct: true } + - { value: 'Have the `Generate Client Bundle` permission in their UCP (now MKE) role', correct: true } help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/user-access/create-client-bundle.html#access-control - uuid: 2ea49720-6b0d-4391-b5f7-24fae88a07d5 @@ -59,7 +59,7 @@ questions: - { value: 'Because it blocks port 443', correct: false } - { value: 'Because it contains private certificates and keys specific to a user', correct: true } - { value: 'Because it expires every 2 minutes', correct: false } - - { value: 'Because it contains the UCP image', correct: false } + - { value: 'Because it contains the UCP (now MKE) image', correct: false } help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/user-access/create-client-bundle.html#security - uuid: c9390103-5a79-4a50-92d8-9a2b17804287 diff --git a/data/5_Security/ucp_ldap_ad_integration.yaml b/data/5_Security/ucp_ldap_ad_integration.yaml index 98d5513..e431ecc 100644 --- a/data/5_Security/ucp_ldap_ad_integration.yaml +++ b/data/5_Security/ucp_ldap_ad_integration.yaml @@ -1,6 +1,6 @@ questions: - uuid: 15717e2b-bb77-46b7-b2aa-659e34d82a50 - question: What is the main purpose of integrating UCP with LDAP or Active Directory? + question: What is the main purpose of integrating UCP (now MKE) with LDAP or Active Directory? answers: - { value: 'Speed up image transfers', correct: false } - { value: 'Enable centralized user authentication', correct: true } @@ -9,7 +9,7 @@ questions: help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/idmgmt/external-auth/index.html - uuid: 3a90c8f2-7f4d-4608-8e6d-bf1327384d3c - question: Which UCP option allows mapping LDAP groups to teams? + question: Which UCP (now MKE) option allows mapping LDAP groups to teams? answers: - { value: 'Federated Login Sync', correct: false } - { value: 'RBAC Sync', correct: false } @@ -27,16 +27,16 @@ questions: help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/idmgmt/external-auth/index.html#required-settings - uuid: 14f7ac14-41f4-41ec-b2a0-47d8eb0ff705 - question: Which interface allows configuring LDAP in UCP? + question: Which interface allows configuring LDAP in UCP (now MKE)? answers: - { value: '/etc/docker/ucp-ldap.conf file', correct: false } - - { value: 'Web Admin interface or UCP API', correct: true } + - { value: 'Web Admin interface or UCP (now MKE) API', correct: true } - { value: 'docker config set --ldap', correct: false } - { value: 'kubectl CLI', correct: false } help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/idmgmt/external-auth/index.html#configure-authentication - uuid: fbd028b4-832e-42cb-80b2-baa87d7353b9 - question: Which secure protocol is recommended for the connection between UCP and LDAP? + question: Which secure protocol is recommended for the connection between UCP (now MKE) and LDAP? answers: - { value: 'LDAPS (LDAP over SSL/TLS)', correct: true } - { value: 'HTTP', correct: false } @@ -45,7 +45,7 @@ questions: help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/idmgmt/external-auth/index.html#required-settings - uuid: 44a75e71-464f-44d5-b7aa-1e59e35c02a0 - question: Which field must be filled in for UCP to query the LDAP server? + question: Which field must be filled in for UCP (now MKE) to query the LDAP server? answers: - { value: 'Node Token', correct: false } - { value: 'Image Pull Secret', correct: false } @@ -54,7 +54,7 @@ questions: help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/idmgmt/external-auth/index.html#required-settings - uuid: 4207e0d3-dc14-4666-b245-68e6895f10d4 - question: Once LDAP is configured, how are users added in UCP? + question: Once LDAP is configured, how are users added in UCP (now MKE)? answers: - { value: 'Manually via CSV import', correct: false } - { value: 'Automatically upon first successful login', correct: true } diff --git a/data/5_Security/ucp_rbac_config.yaml b/data/5_Security/ucp_rbac_config.yaml index 150362f..763e09b 100644 --- a/data/5_Security/ucp_rbac_config.yaml +++ b/data/5_Security/ucp_rbac_config.yaml @@ -1,6 +1,6 @@ questions: - uuid: 0fc6d4e7-0179-48bb-b7e8-2a391d0c57f3 - question: What does RBAC mean in the context of Docker UCP? + question: What does RBAC mean in the context of Docker UCP (now MKE)? answers: - { value: 'Role-Based Access Control', correct: true } - { value: 'Remote Backup Admin Console', correct: false } @@ -9,7 +9,7 @@ questions: help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/rbac/ - uuid: e271c7fd-2315-4d19-a08c-5bd614746847 - question: Which UCP component allows defining roles and permissions? + question: Which UCP (now MKE) component allows defining roles and permissions? answers: - { value: 'RBAC', correct: true } - { value: 'Compose CLI', correct: false } @@ -18,7 +18,7 @@ questions: help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/rbac/ - uuid: 80129f0d-e8de-4034-97b0-96178b39b2e6 - question: Which entity can be assigned an RBAC role in UCP? + question: Which entity can be assigned an RBAC role in UCP (now MKE)? answers: - { value: 'A volume', correct: false } - { value: 'A user or a team', correct: true } @@ -27,7 +27,7 @@ questions: help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/rbac/manage-access.html - uuid: c4c84f21-5d8d-4e1d-8ab2-0ef03c88b9b7 - question: What is the possible scope of a role in UCP? + question: What is the possible scope of a role in UCP (now MKE)? answers: - { value: 'Domain name, DNS, logs', correct: false } - { value: 'Service, namespace, container, node', correct: true } @@ -36,7 +36,7 @@ questions: help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/rbac/ - uuid: 8e352f44-30f3-42b4-b503-4c99ec93e764 - question: Which RBAC role allows view-only access to resources in UCP? + question: Which RBAC role allows view-only access to resources in UCP (now MKE)? answers: - { value: 'Operator', correct: false } - { value: 'AdminAccess', correct: false } @@ -54,16 +54,16 @@ questions: help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/rbac/manage-access.html - uuid: c1a99418-b50c-4e5a-9186-e28eb8d46f86 - question: Where can RBAC roles be managed in UCP? + question: Where can RBAC roles be managed in UCP (now MKE)? answers: - { value: 'In the /etc/docker/daemon.json file', correct: false } - { value: 'In the Dockerfile', correct: false } - { value: 'Only with kubectl', correct: false } - - { value: 'In the UCP web interface or via API', correct: true } + - { value: 'In the UCP (now MKE) web interface or via API', correct: true } help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/rbac/manage-access.html - uuid: f4960718-c05b-4f09-85ee-2e21a3fdde2d - question: Can custom RBAC roles be created in UCP? + question: Can custom RBAC roles be created in UCP (now MKE)? answers: - { value: 'Yes, but only for registries', correct: false } - { value: 'No, this requires Docker Hub Pro', correct: false } @@ -72,9 +72,9 @@ questions: help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/rbac/custom-roles.html - uuid: a56ae8b1-7054-4c41-8461-2d89c35c4f0a - question: Which API allows automating RBAC configuration in UCP? + question: Which API allows automating RBAC configuration in UCP (now MKE)? answers: - - { value: 'UCP RBAC HTTP API', correct: true } + - { value: 'UCP (now MKE) RBAC HTTP API', correct: true } - { value: 'Kubernetes RBAC CRDs', correct: false } - { value: 'Docker Swarm REST API', correct: false } - { value: 'Docker CLI scan API', correct: false }