From b15e8febebc731283e7228db20927f02f3ece4f2 Mon Sep 17 00:00:00 2001 From: lacatoire Date: Sun, 8 Feb 2026 18:49:40 +0100 Subject: [PATCH] Update UCP/DTR terminology to MKE/MSR across all references Mirantis renamed UCP to MKE (Mirantis Kubernetes Engine) and DTR to MSR (Mirantis Secure Registry). Update question text to include "(now MKE)" and "(now MSR)" annotations for clarity. Update help URLs from legacy docs.mirantis.com/docker-enterprise paths to current MKE 3.7 and MSR 2.9 documentation paths. Update README.md links accordingly. Files updated: 14 YAML files + README.md --- README.md | 24 ++++++++--------- .../backup_ucp_dtr.yaml | 26 +++++++++---------- .../deploy_ucp_dtr_ha.yaml | 22 ++++++++-------- ..._sizing_requirements_for_installation.yaml | 8 +++--- .../hub_users_teams.yaml | 2 +- .../describe_engine_registry_ucp_traffic.yaml | 10 +++---- .../http_https_load_balancing.yaml | 8 +++--- ...nderstand_engine_registry_ucp_traffic.yaml | 8 +++--- ...compare_contrast_ucp_workers_managers.yaml | 18 ++++++------- data/5_Security/external_certs_ucp_dtr.yaml | 24 ++++++++--------- data/5_Security/image_security_scan.yaml | 22 ++++++++-------- data/5_Security/security_identity_roles.yaml | 10 +++---- data/5_Security/ucp_client_bundle.yaml | 18 ++++++------- data/5_Security/ucp_ldap_ad_integration.yaml | 14 +++++----- data/5_Security/ucp_rbac_config.yaml | 20 +++++++------- 15 files changed, 117 insertions(+), 117 deletions(-) diff --git a/README.md b/README.md index 2bafb89..9971c46 100644 --- a/README.md +++ b/README.md @@ -83,21 +83,21 @@ The goal is to help candidates: * [Describe and demonstrate how to use certificate-based client-server authentication to ensure a Docker daemon has the rights to access images on a registry.](data/3_installation_and_configuration/cert_based_auth_registry.yaml) * [Describe the use of namespaces, cgroups, and certificate configuration.](data/3_installation_and_configuration/describe_namespaces_cgroups_certificates.yaml) * [Describe and interpret errors to troubleshoot installation issues without assistance.](data/3_installation_and_configuration/install_troubleshooting.yaml) -* [Describe and demonstrate the steps to deploy the Docker engine, UCP, and DTR on AWS and on-premises in an HA configuration.](data/3_installation_and_configuration/deploy_ucp_dtr_ha.yaml) -* [Describe and demonstrate how to configure backups for UCP and DTR.](data/3_installation_and_configuration/backup_ucp_dtr.yaml) +* [Describe and demonstrate the steps to deploy the Docker engine, UCP (now MKE), and DTR (now MSR) on AWS and on-premises in an HA configuration.](data/3_installation_and_configuration/deploy_ucp_dtr_ha.yaml) +* [Describe and demonstrate how to configure backups for UCP (now MKE) and DTR (now MSR).](data/3_installation_and_configuration/backup_ucp_dtr.yaml) ### Domain 4: Networking (15% of exam) * [Describe the Container Network Model and how it interfaces with the Docker engine and network and IPAM drivers.](data/4_Networking/container_network_model.yaml) * [Describe the different types and use cases for the built-in network drivers.](data/4_Networking/describe_different_types_use_cases_built_in_network_drivers.yaml) -* [Describe the types of traffic that flow between the Docker engine, registry and UCP controllers.](data/4_Networking/describe_engine_registry_ucp_traffic.yaml) +* [Describe the types of traffic that flow between the Docker engine, registry and UCP (now MKE) controllers.](data/4_Networking/describe_engine_registry_ucp_traffic.yaml) * [Describe and demonstrate how to create a Docker bridge network for developers to use for their containers.](data/4_Networking/bridge_network_create.yaml) * [Describe and demonstrate how to publish a port so that an application is accessible externally.](data/4_Networking/describe_demonstrate_publish_port_application_accessible_externally.yaml) * [Identify which IP and port a container is externally accessible on.](data/4_Networking/identify_container_ip_port.yaml) * [Compare and contrast “host” and “ingress” publishing modes.](data/4_Networking/compare_contrast_host_ingress_publishing_modes.yaml) * [Describe and demonstrate how to configure Docker to use external DNS.](data/4_Networking/configure_external_dns.yaml) -* [Describe and demonstrate how to use Docker to load balance HTTP/HTTPs traffic to an application (Configure L7 load balancing with Docker EE)](data/4_Networking/http_https_load_balancing.yaml). -* [Understand and describe the types of traffic that flow between the Docker engine, registry, and UCP controllers](data/4_Networking/understand_engine_registry_ucp_traffic.yaml) +* [Describe and demonstrate how to use Docker to load balance HTTP/HTTPs traffic to an application (Configure L7 load balancing with Docker Enterprise)](data/4_Networking/http_https_load_balancing.yaml). +* [Understand and describe the types of traffic that flow between the Docker engine, registry, and UCP (now MKE) controllers](data/4_Networking/understand_engine_registry_ucp_traffic.yaml) * [Describe and demonstrate how to deploy a service on a Docker overlay network.](data/4_Networking/deploy_overlay_service.yaml) * [Describe and demonstrate how to troubleshoot container and engine logs to resolve connectivity issues between containers.](data/4_Networking/troubleshoot_container_connectivity.yaml) * [Describe how to route traffic to Kubernetes pods using ClusterIP and NodePort services.](data/4_Networking/k8s_clusterip_nodeport.yaml) @@ -111,13 +111,13 @@ The goal is to help candidates: * [Describe swarm default security.](data/5_Security/swarm_default_security.yaml) * [Describe MTLS.](data/5_Security/describe_mtls.yaml) * [Describe identity roles.](data/5_Security/security_identity_roles.yaml) -* [Compare and contrast UCP workers and managers.](data/5_Security/compare_contrast_ucp_workers_managers.yaml) -* [Describe the process to use external certificates with UCP and DTR.](data/5_Security/external_certs_ucp_dtr.yaml) +* [Compare and contrast UCP (now MKE) workers and managers.](data/5_Security/compare_contrast_ucp_workers_managers.yaml) +* [Describe the process to use external certificates with UCP (now MKE) and DTR (now MSR).](data/5_Security/external_certs_ucp_dtr.yaml) * [Describe and demonstrate that an image passes a security scan.](data/5_Security/image_security_scan.yaml) * [Describe and demonstrate how to enable Docker Content Trust.](data/5_Security/describe_demonstrate_how_enable_docker_content_trust.yaml) -* [Describe and demonstrate how to configure RBAC with UCP.](data/5_Security/ucp_rbac_config.yaml) -* [Describe and demonstrate how to integrate UCP with LDAP/AD.](data/5_Security/ucp_ldap_ad_integration.yaml) -* [Describe and demonstrate how to create UCP client bundles.](data/5_Security/ucp_client_bundle.yaml) +* [Describe and demonstrate how to configure RBAC with UCP (now MKE).](data/5_Security/ucp_rbac_config.yaml) +* [Describe and demonstrate how to integrate UCP (now MKE) with LDAP/AD.](data/5_Security/ucp_ldap_ad_integration.yaml) +* [Describe and demonstrate how to create UCP (now MKE) client bundles.](data/5_Security/ucp_client_bundle.yaml) * [Describe Docker Bench for Security.](data/5_Security/docker_bench_security.yaml) * [Describe seccomp profiles.](data/5_Security/seccomp_profiles.yaml) * [Describe AppArmor and SELinux with Docker.](data/5_Security/apparmor_selinux.yaml) @@ -131,7 +131,7 @@ The goal is to help candidates: * [Compare and contrast object and block storage and when they should be used.](data/6_storage_and_volumes/contrast_object.yaml) * [Describe how an application is composed of layers and where these layers reside on the filesystem.](data/6_storage_and_volumes/layers_filesystem.yaml) * [Describe the use of volumes with Docker for persistent storage.](data/6_storage_and_volumes/persistent_storage.yaml) -* [Identify the steps to take to clean up unused images on a filesystem and DTR.](data/6_storage_and_volumes/unused_images.yaml) +* [Identify the steps to take to clean up unused images on a filesystem and DTR (now MSR).](data/6_storage_and_volumes/unused_images.yaml) * [Describe and demonstrate how storage can be used across cluster nodes.](data/6_storage_and_volumes/volume_cluster.yaml) * [Describe how to provision persistent storage to a Kubernetes pod using persistentVolumes.](data/6_storage_and_volumes/persistent_volumes.yaml) * [Describe the relationship between container storage interface drivers, storageClass, persistentVolumeClaim and volume objects in Kubernetes.](data/6_storage_and_volumes/relationship_storage_volume.yaml) @@ -154,7 +154,7 @@ Contributions are welcome! You can: * This is a community-driven, unofficial project. * It is not sponsored or endorsed by Docker Inc. or Mirantis. -* All trademarks such as “Docker”, “Mirantis”, “DTR”, and “UCP” are used only as references and remain the property of their respective owners. +* All trademarks such as "Docker", "Mirantis", "DTR" (now MSR), "UCP" (now MKE), "MKE", and "MSR" are used only as references and remain the property of their respective owners. * This repository contains only original content, created under fair use for educational purposes. * Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries. Docker, Inc. and other parties may also hold trademark rights to other terms used in this document. diff --git a/data/3_installation_and_configuration/backup_ucp_dtr.yaml b/data/3_installation_and_configuration/backup_ucp_dtr.yaml index 8e9b55f..24978ae 100644 --- a/data/3_installation_and_configuration/backup_ucp_dtr.yaml +++ b/data/3_installation_and_configuration/backup_ucp_dtr.yaml @@ -1,6 +1,6 @@ questions: - uuid: 2fd05cc9-0e15-4ac4-ae3b-9a49ac0380f6 - question: Which command allows you to back up UCP data? + question: Which command allows you to back up UCP (now MKE) data? answers: - { value: 'docker swarm backup', correct: false } - { value: 'docker ucp export', correct: false } @@ -9,7 +9,7 @@ questions: help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/backup-restore.html - uuid: 0b122010-4d64-44ff-8153-f33c3dc3e2f0 - question: What must be done before performing a UCP restore? + question: What must be done before performing a UCP (now MKE) restore? answers: - { value: 'Stop the Docker service on the target node', correct: true } - { value: 'Delete all volumes', correct: false } @@ -18,7 +18,7 @@ questions: help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/backup-restore.html#restore - uuid: fdc31b03-3093-4638-a77f-ef7b11860d88 - question: Which command allows you to back up a DTR instance? + question: Which command allows you to back up a DTR (now MSR) instance? answers: - { value: 'docker registry save', correct: false } - { value: 'docker dtr snapshot', correct: false } @@ -27,7 +27,7 @@ questions: help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/dtr/backup-restore.html - uuid: fdbb11c1-6f7c-4e93-b487-c4ecdb6f315c - question: Which command is used to restore a DTR backup? + question: Which command is used to restore a DTR (now MSR) backup? answers: - { value: 'docker container exec dtr restore backup.tar', correct: false } - { value: 'docker dtr load backup.tar', correct: false } @@ -36,16 +36,16 @@ questions: help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/dtr/backup-restore.html - uuid: 7b313274-0072-41a0-bd16-170c8672c845 - question: What is essential for a DTR restore to work correctly? + question: What is essential for a DTR (now MSR) restore to work correctly? answers: - { value: 'Have Docker Desktop installed', correct: false } - { value: 'Use only port 2376', correct: false } - { value: 'Be connected to the Internet', correct: false } - - { value: 'Use the same DTR version as the backup', correct: true } + - { value: 'Use the same DTR (now MSR) version as the backup', correct: true } help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/dtr/backup-restore.html#restore-backup - uuid: 38f20494-3c31-4c83-9f39-b3e0b5c6db48 - question: Where are the critical UCP data stored that must be backed up? + question: Where are the critical UCP (now MKE) data stored that must be backed up? answers: - { value: '/opt/ucp', correct: false } - { value: '/var/ucp/data', correct: false } @@ -54,7 +54,7 @@ questions: help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/backup-restore.html - uuid: 91f9d1ef-d40b-40fa-a45e-4cb95641727b - question: What is the best practice for scheduling UCP and DTR backups? + question: What is the best practice for scheduling UCP (now MKE) and DTR (now MSR) backups? answers: - { value: 'Automate the backup with scripts and store it outside the cluster', correct: true } - { value: 'Perform a manual backup once a month', correct: false } @@ -63,25 +63,25 @@ questions: help: https://docs.mirantis.com/mke/3.7/ops/disaster-recovery/back-up-mke/backup-considerations.html - uuid: 65ae1827-32ec-4d6f-84ed-f41fef47135e - question: Can a full UCP cluster be restored from a single backup? + question: Can a full UCP (now MKE) cluster be restored from a single backup? answers: - { value: 'No, UCP does not support restoration', correct: false } - - { value: 'Yes, if it was taken on a UCP manager with quorum', correct: true } + - { value: 'Yes, if it was taken on a UCP (now MKE) manager with quorum', correct: true } - { value: 'Yes, but only if Swarm is disabled', correct: false } - { value: 'No, a backup of each node is required', correct: false } help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/backup-restore.html - uuid: 32590a06-2d90-4b13-8c20-6e06ac3d00e0 - question: What is a common reason for failure when restoring a DTR backup? + question: What is a common reason for failure when restoring a DTR (now MSR) backup? answers: - { value: 'Lack of Internet access', correct: false } - - { value: 'Version incompatibility between the backup and the installed DTR', correct: true } + - { value: 'Version incompatibility between the backup and the installed DTR (now MSR)', correct: true } - { value: 'DTR already in HA mode', correct: false } - { value: 'Incorrectly named volume', correct: false } help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/dtr/backup-restore.html#restore-backup - uuid: 5cf798e7-d097-4992-8b7b-36b63329207d - question: What best practice should accompany UCP/DTR backups? + question: What best practice should accompany UCP (now MKE)/DTR (now MSR) backups? answers: - { value: 'Use only local backups', correct: false } - { value: 'Disable TLS to simplify restoration', correct: false } diff --git a/data/3_installation_and_configuration/deploy_ucp_dtr_ha.yaml b/data/3_installation_and_configuration/deploy_ucp_dtr_ha.yaml index 97c867e..ff1ff94 100644 --- a/data/3_installation_and_configuration/deploy_ucp_dtr_ha.yaml +++ b/data/3_installation_and_configuration/deploy_ucp_dtr_ha.yaml @@ -1,6 +1,6 @@ questions: - uuid: 8fdbfa8e-244d-46b8-9041-c74d649bca78 - question: Which command installs UCP on an existing Docker node? + question: Which command installs UCP (now MKE) on an existing Docker node? answers: - { value: 'docker install ucp', correct: false } - { value: 'docker ucp deploy', correct: false } @@ -9,7 +9,7 @@ questions: help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/install/ - uuid: 7b11b126-0b6a-4fdf-979c-2e2d413fc3fd - question: How many manager nodes are required for an HA UCP setup with quorum? + question: How many manager nodes are required for an HA UCP (now MKE) setup with quorum? answers: - { value: '5', correct: false } - { value: '3', correct: true } @@ -18,7 +18,7 @@ questions: help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/architecture/#high-availability - uuid: 2aeebc5e-b670-42b1-a5ff-8fa7ccedfe9e - question: Which command adds a new UCP manager node to an existing cluster? + question: Which command adds a new UCP (now MKE) manager node to an existing cluster? answers: - { value: 'docker swarm join --ucp-manager', correct: false } - { value: 'docker ucp add-manager', correct: false } @@ -27,7 +27,7 @@ questions: help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/install/join-linux-nodes.html - uuid: 21ef8613-10b2-4e0f-a2f3-e2c1d1c8593f - question: Which command is recommended to install DTR on a UCP node? + question: Which command is recommended to install DTR (now MSR) on a UCP (now MKE) node? answers: - { value: 'docker dtr deploy', correct: false } - { value: 'docker registry install', correct: false } @@ -45,16 +45,16 @@ questions: help: https://docs.mirantis.com/docker-enterprise/v3.1/ucp/on-aws/ - uuid: c41396d4-17f0-4a8a-9981-1b205728c9c5 - question: What requirement is necessary to deploy DTR in HA? + question: What requirement is necessary to deploy DTR (now MSR) in HA? answers: - { value: 'A latest tag on all images', correct: false } - { value: 'Shared or replicated persistent storage', correct: true } - { value: 'Root access on all workers', correct: false } - - { value: 'A single UCP manager', correct: false } + - { value: 'A single UCP (now MKE) manager', correct: false } help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/dtr/architecture/#high-availability - uuid: 85e4de92-7298-4217-9c7c-f3e3ea8c2e84 - question: Which command checks the status of UCP services after installation? + question: Which command checks the status of UCP (now MKE) services after installation? answers: - { value: 'docker swarm status', correct: false } - { value: 'docker ucp status', correct: false } @@ -63,16 +63,16 @@ questions: help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/troubleshoot/ - uuid: e65f1c8b-fba5-434a-a1bb-b8461c1d1b2e - question: What is a good practice to balance load across UCP nodes in HA? + question: What is a good practice to balance load across UCP (now MKE) nodes in HA? answers: - { value: 'Disable TLS', correct: false } - { value: 'Use a node label', correct: false } - - { value: 'Use a load balancer in front of UCP managers', correct: true } + - { value: 'Use a load balancer in front of UCP (now MKE) managers', correct: true } - { value: 'Enable debug mode', correct: false } help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/architecture/#ucp-high-availability - uuid: e47cb7f3-ef17-4718-bbe1-6b13de8ae260 - question: Can UCP and DTR be deployed on the same nodes? + question: Can UCP (now MKE) and DTR (now MSR) be deployed on the same nodes? answers: - { value: 'No, except with Docker Desktop', correct: false } - { value: 'Yes, only on AWS', correct: false } @@ -81,7 +81,7 @@ questions: help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/dtr/install/plan-your-installation.html - uuid: cdb987f6-48b6-4f4c-9f2f-c34c1c36c837 - question: Which option allows a secondary DTR node to synchronize with a primary node? + question: Which option allows a secondary DTR (now MSR) node to synchronize with a primary node? answers: - { value: '--standby', correct: false } - { value: '--join-token', correct: false } diff --git a/data/3_installation_and_configuration/describe_sizing_requirements_for_installation.yaml b/data/3_installation_and_configuration/describe_sizing_requirements_for_installation.yaml index 252de33..e278605 100644 --- a/data/3_installation_and_configuration/describe_sizing_requirements_for_installation.yaml +++ b/data/3_installation_and_configuration/describe_sizing_requirements_for_installation.yaml @@ -1,6 +1,6 @@ questions: - uuid: 915cfc8c-72d3-46a7-9797-fc980ef2452d - question: What is the minimum recommended number of CPUs for installing Docker Universal Control Plane (UCP)? + question: What is the minimum recommended number of CPUs for installing Docker Universal Control Plane (UCP, now MKE)? answers: - { value: '4', correct: true } - { value: '1', correct: false } @@ -9,7 +9,7 @@ questions: help: https://docs.mirantis.com/mke/3.4/launchpad/lp-system-requirements.html - uuid: bbc16b4e-7291-4b64-9270-14b60c9a0d79 - question: What is the minimum amount of RAM recommended for a UCP manager node? + question: What is the minimum amount of RAM recommended for a UCP (now MKE) manager node? answers: - { value: '16 GB', correct: true } - { value: '8 GB', correct: false } @@ -27,7 +27,7 @@ questions: help: https://docs.docker.com/storage/storagedriver/overlayfs-driver/ - uuid: 67a48e29-32c3-4267-a931-c08b3cb0531b - question: For DTR (Docker Trusted Registry), what is the minimum disk space required per node? + question: For DTR (Docker Trusted Registry, now MSR), what is the minimum disk space required per node? answers: - { value: '50 GB', correct: false } - { value: '100 GB', correct: true } @@ -72,7 +72,7 @@ questions: help: https://docs.docker.com/storage/ - uuid: 05176b68-5a8b-4814-8753-ffec40440f12 - question: What is the typical port required to access UCP via a browser? + question: What is the typical port required to access UCP (now MKE) via a browser? answers: - { value: '8080', correct: false } - { value: '443', correct: true } diff --git a/data/3_installation_and_configuration/hub_users_teams.yaml b/data/3_installation_and_configuration/hub_users_teams.yaml index 56a6b16..76133cb 100644 --- a/data/3_installation_and_configuration/hub_users_teams.yaml +++ b/data/3_installation_and_configuration/hub_users_teams.yaml @@ -22,7 +22,7 @@ questions: answers: - { value: 'Yes, but only with a paid account', correct: false } - { value: 'No, a user is tied to only one organization', correct: false } - - { value: 'No, except with Docker Enterprise', correct: false } + - { value: 'No, except with Docker Enterprise (now Mirantis)', correct: false } - { value: 'Yes', correct: true } help: https://docs.docker.com/docker-hub/orgs/ diff --git a/data/4_Networking/describe_engine_registry_ucp_traffic.yaml b/data/4_Networking/describe_engine_registry_ucp_traffic.yaml index 4a47b7d..bc7b49f 100644 --- a/data/4_Networking/describe_engine_registry_ucp_traffic.yaml +++ b/data/4_Networking/describe_engine_registry_ucp_traffic.yaml @@ -9,7 +9,7 @@ questions: help: https://docs.docker.com/registry/spec/api/ - uuid: d593dd0b-20d6-4c81-a4b4-63d234b99bce - question: Which port is typically used for secure traffic between UCP controllers and Docker engines? + question: Which port is typically used for secure traffic between UCP (now MKE) controllers and Docker engines? answers: - { value: '5000', correct: false } - { value: '443', correct: true } @@ -18,7 +18,7 @@ questions: help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/architecture/ucp-architecture.html - uuid: b2ea7eaf-813b-4e7f-a9ec-7819ff0f9695 - question: What kind of internal communication occurs between UCP manager nodes? + question: What kind of internal communication occurs between UCP (now MKE) manager nodes? answers: - { value: 'Raft protocol for consensus', correct: true } - { value: 'SSH command relays', correct: false } @@ -27,16 +27,16 @@ questions: help: https://docs.docker.com/engine/swarm/raft/ - uuid: 1cbf7d01-1bcd-49a4-a372-60bb524a1aa7 - question: Which service uses mutual TLS to authenticate communications with UCP? + question: Which service uses mutual TLS to authenticate communications with UCP (now MKE)? answers: - { value: 'Docker CLI only', correct: false } - { value: 'Docker engine', correct: true } - { value: 'External load balancer', correct: false } - - { value: 'DTR only', correct: false } + - { value: 'DTR (now MSR) only', correct: false } help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/architecture/ucp-architecture.html - uuid: 061dcd8d-255a-4cf3-8cf3-d663c34e5897 - question: How does UCP handle secure communications to its API? + question: How does UCP (now MKE) handle secure communications to its API? answers: - { value: 'By requiring clients to SSH tunnel into manager nodes', correct: false } - { value: 'By exposing a TLS-enabled HTTPS API on port 443', correct: true } diff --git a/data/4_Networking/http_https_load_balancing.yaml b/data/4_Networking/http_https_load_balancing.yaml index d2bcaaf..b0207c7 100644 --- a/data/4_Networking/http_https_load_balancing.yaml +++ b/data/4_Networking/http_https_load_balancing.yaml @@ -1,6 +1,6 @@ questions: - uuid: 4a1fc56e-2199-4a8a-a431-0b49966e1db2 - question: What built-in Docker EE feature provides Layer 7 load balancing for HTTP/HTTPS? + question: What built-in Docker Enterprise (now Mirantis) feature provides Layer 7 load balancing for HTTP/HTTPS? answers: - { value: 'Ingress overlay driver', correct: false } - { value: 'DNS round robin', correct: false } @@ -9,10 +9,10 @@ questions: help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/interlock/index.html - uuid: 9189e0aa-8e84-4dcb-8d7b-4e1c87979c5e - question: Which Docker EE component is used to automatically route traffic to services based on host or path? + question: Which Docker Enterprise (now Mirantis) component is used to automatically route traffic to services based on host or path? answers: - { value: 'Swarm Gossip Protocol', correct: false } - - { value: 'UCP routing mesh', correct: false } + - { value: 'UCP (now MKE) routing mesh', correct: false } - { value: 'Docker Daemon Proxy', correct: false } - { value: 'Interlock with NGINX', correct: true } help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/interlock/architecture.html @@ -36,7 +36,7 @@ questions: help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/interlock/configuration/service-labels.html - uuid: 9e42e5fc-3877-4e8f-84ee-22d4463d0cb4 - question: What is required on the UCP node for Interlock to terminate HTTPS traffic? + question: What is required on the UCP (now MKE) node for Interlock to terminate HTTPS traffic? answers: - { value: 'Swarm manager in leader mode only', correct: false } - { value: 'Custom iptables rules', correct: false } diff --git a/data/4_Networking/understand_engine_registry_ucp_traffic.yaml b/data/4_Networking/understand_engine_registry_ucp_traffic.yaml index 5952407..f1513c2 100644 --- a/data/4_Networking/understand_engine_registry_ucp_traffic.yaml +++ b/data/4_Networking/understand_engine_registry_ucp_traffic.yaml @@ -1,6 +1,6 @@ questions: - uuid: ed1fc470-c68e-4bc2-a370-d3ad456c6b29 - question: What traffic is used between Docker engine and DTR when pulling signed images? + question: What traffic is used between Docker engine and DTR (now MSR) when pulling signed images? answers: - { value: 'SSH with verified fingerprints', correct: false } - { value: 'DNS-over-HTTPS', correct: false } @@ -9,7 +9,7 @@ questions: help: https://docs.docker.com/engine/security/trust/ - uuid: 36802f55-cf02-4267-b5c2-40f98988292f - question: What is the main role of TLS in communications between UCP components? + question: What is the main role of TLS in communications between UCP (now MKE) components? answers: - { value: 'To enable NAT between subnets', correct: false } - { value: 'To encrypt and authenticate API and control traffic', correct: true } @@ -18,7 +18,7 @@ questions: help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/architecture/ucp-architecture.html - uuid: 81e2853a-d116-4bce-a352-623ed2a0a3f2 - question: How is traffic from the Docker CLI to UCP authenticated? + question: How is traffic from the Docker CLI to UCP (now MKE) authenticated? answers: - { value: 'By using bearer tokens stored in secrets.json', correct: false } - { value: 'Using a client bundle with certificates and keys', correct: true } @@ -27,7 +27,7 @@ questions: help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/user-access/cli-access.html - uuid: f68d7f5f-cd49-4639-bf56-d504f36a4423 - question: Which type of overlay network does UCP use for internal control traffic? + question: Which type of overlay network does UCP (now MKE) use for internal control traffic? answers: - { value: 'Plain IP forwarding', correct: false } - { value: 'Host networking with NAT', correct: false } diff --git a/data/5_Security/compare_contrast_ucp_workers_managers.yaml b/data/5_Security/compare_contrast_ucp_workers_managers.yaml index 1eff35a..a0a8f06 100644 --- a/data/5_Security/compare_contrast_ucp_workers_managers.yaml +++ b/data/5_Security/compare_contrast_ucp_workers_managers.yaml @@ -1,6 +1,6 @@ questions: - uuid: 38211d9e-34f3-4b3f-9015-c837acc741f7 - question: What is the main role of a UCP manager node? + question: What is the main role of a UCP (now MKE) manager node? answers: - { value: 'To manage the cluster state and orchestrate services', correct: true } - { value: 'To provide storage to the cluster', correct: false } @@ -9,7 +9,7 @@ questions: help: https://docs.docker.com/datacenter/ucp/2.2/guides/architecture/ - uuid: d2133e4b-8121-4b96-8b6c-e3b01e26913c - question: What is the purpose of a UCP worker node? + question: What is the purpose of a UCP (now MKE) worker node? answers: - { value: 'To run containers and services scheduled by managers', correct: true } - { value: 'To configure TLS certificates', correct: false } @@ -18,7 +18,7 @@ questions: help: https://docs.docker.com/datacenter/ucp/2.2/guides/architecture/ - uuid: 1bb29ae7-3c69-4f5e-a899-b3f2312a69cf - question: Which nodes in UCP can access the control plane? + question: Which nodes in UCP (now MKE) can access the control plane? answers: - { value: 'Manager nodes only', correct: true } - { value: 'Only nodes with secrets', correct: false } @@ -27,7 +27,7 @@ questions: help: https://docs.docker.com/datacenter/ucp/2.2/guides/architecture/ - uuid: e8ed4b37-4703-4f82-9471-ec42be7e217e - question: What happens if all UCP manager nodes fail? + question: What happens if all UCP (now MKE) manager nodes fail? answers: - { value: 'The cluster loses control plane access and cannot schedule new tasks', correct: true } - { value: 'Worker nodes promote themselves automatically', correct: false } @@ -36,7 +36,7 @@ questions: help: https://docs.docker.com/datacenter/ucp/2.2/guides/architecture/ - uuid: 54244b0b-b9fc-4b3f-887a-c75889ffbe2f - question: Which of the following best describes a UCP worker node? + question: Which of the following best describes a UCP (now MKE) worker node? answers: - { value: 'It handles volume plugins', correct: false } - { value: 'It manages access control policies', correct: false } @@ -45,7 +45,7 @@ questions: help: https://docs.docker.com/datacenter/ucp/2.2/guides/architecture/ - uuid: 5e73fd94-128d-4b2d-bd25-4bc9dcbe914f - question: How can you ensure high availability for UCP manager nodes? + question: How can you ensure high availability for UCP (now MKE) manager nodes? answers: - { value: 'Deploy all managers on the same host', correct: false } - { value: 'Run an odd number of managers distributed across hosts', correct: true } @@ -54,7 +54,7 @@ questions: help: https://docs.docker.com/datacenter/ucp/2.2/guides/architecture/ - uuid: 56b99163-baf8-4c3f-8a4b-5a31352f150c - question: Can UCP worker nodes be promoted to manager roles? + question: Can UCP (now MKE) worker nodes be promoted to manager roles? answers: - { value: 'Yes, using Docker CLI or UI', correct: true } - { value: 'Only on Kubernetes clusters', correct: false } @@ -63,7 +63,7 @@ questions: help: https://docs.docker.com/reference/cli/docker/node/promote/ - uuid: 6a314420-c878-4d32-9472-91c287c8eeed - question: Why should the number of UCP managers be odd? + question: Why should the number of UCP (now MKE) managers be odd? answers: - { value: 'To save RAM', correct: false } - { value: 'To reduce network hops', correct: false } @@ -72,7 +72,7 @@ questions: help: https://docs.docker.com/engine/swarm/raft/ - uuid: a00efea0-78b0-4f68-82aa-85993f13d2d4 - question: Which type of node has access to UCP's RBAC enforcement and API? + question: Which type of node has access to UCP''s (now MKE) RBAC enforcement and API? answers: - { value: 'All overlay networks', correct: false } - { value: 'Worker nodes', correct: false } diff --git a/data/5_Security/external_certs_ucp_dtr.yaml b/data/5_Security/external_certs_ucp_dtr.yaml index 338ae14..d14f1e0 100644 --- a/data/5_Security/external_certs_ucp_dtr.yaml +++ b/data/5_Security/external_certs_ucp_dtr.yaml @@ -1,6 +1,6 @@ questions: - uuid: b61f1b5e-d74e-432e-bc14-d1d8f58ab8c1 - question: What is the purpose of using external certificates in UCP/DTR? + question: What is the purpose of using external certificates in UCP (now MKE)/DTR (now MSR)? answers: - { value: 'Authenticate connections with certificates issued by a trusted authority', correct: true } - { value: 'Replace Docker Hub as the image source', correct: false } @@ -9,7 +9,7 @@ questions: help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/tls/external-ca.html - uuid: 72e2c462-56b4-44e9-9e88-9fa63129a548 - question: Which files are required to use an external certificate in UCP? + question: Which files are required to use an external certificate in UCP (now MKE)? answers: - { value: 'A signed image', correct: false } - { value: 'A server certificate, a private key, and a CA chain', correct: true } @@ -18,7 +18,7 @@ questions: help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/tls/external-ca.html#prerequisites - uuid: 61c27520-172b-457f-8727-b709c4f81b99 - question: Which command is used to replace existing UCP certificates? + question: Which command is used to replace existing UCP (now MKE) certificates? answers: - { value: 'docker swarm tls renew', correct: false } - { value: 'docker container run --rm -v $(pwd):/certs docker/ucp replace-certs', correct: true } @@ -27,7 +27,7 @@ questions: help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/tls/rotate-ca.html - uuid: 2833a6f3-d478-48c3-874b-8f47dc59a1fa - question: Which command configures DTR with an external CA after installation? + question: Which command configures DTR (now MSR) with an external CA after installation? answers: - { value: 'docker container exec dtr set-cert', correct: false } - { value: 'docker dtr certs reload', correct: false } @@ -36,7 +36,7 @@ questions: help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/dtr/install/use-external-ca.html - uuid: 3c0d3b9e-77e2-4ef9-bf2f-b607c12666da - question: At what point can external certificates be provided during UCP installation? + question: At what point can external certificates be provided during UCP (now MKE) installation? answers: - { value: 'Directly with the --external-server-cert option', correct: true } - { value: 'By modifying the UCP Dockerfile', correct: false } @@ -45,12 +45,12 @@ questions: help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/tls/external-ca.html#during-installation - uuid: 9c88f204-cb01-49b1-9c14-1202b765d08a - question: What happens if UCP certificates expire and are not renewed in time? + question: What happens if UCP (now MKE) certificates expire and are not renewed in time? answers: - { value: 'Swarm is automatically recreated', correct: false } - { value: 'Containers are deleted', correct: false } - - { value: 'The UCP dashboard becomes inaccessible over HTTPS', correct: true } - - { value: 'DTR switches to read-only mode', correct: false } + - { value: 'The UCP (now MKE) dashboard becomes inaccessible over HTTPS', correct: true } + - { value: 'DTR (now MSR) switches to read-only mode', correct: false } help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/tls/rotate-ca.html - uuid: 6ac7dc55-ff07-4190-aed5-10c8ef730ec8 @@ -58,21 +58,21 @@ questions: answers: - { value: 'To connect to Docker Hub', correct: false } - { value: 'So clients can validate the entire chain of trust up to the root CA', correct: true } - - { value: 'To enable UCP clustering', correct: false } + - { value: 'To enable UCP (now MKE) clustering', correct: false } - { value: 'To enable persistent volumes', correct: false } help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/tls/external-ca.html#prerequisites - uuid: 4d9e2259-c0d5-4062-91b5-0a3dbbeffcb8 - question: Can DTR TLS certificates be replaced without downtime? + question: Can DTR (now MSR) TLS certificates be replaced without downtime? answers: - { value: 'Yes, using reconfigure in rolling mode', correct: true } - - { value: 'No, DTR must be reinstalled', correct: false } + - { value: 'No, DTR (now MSR) must be reinstalled', correct: false } - { value: 'Yes, but only with Docker Desktop', correct: false } - { value: 'No, because certificates are immutable', correct: false } help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/dtr/install/use-external-ca.html#replace-existing-certificates - uuid: b7d019c6-7c9b-464c-ae0e-ec64927a0149 - question: What format must the certificates and keys provided to UCP/DTR follow? + question: What format must the certificates and keys provided to UCP (now MKE)/DTR (now MSR) follow? answers: - { value: 'PEM (base64 encoded)', correct: true } - { value: 'PKCS#11 token', correct: false } diff --git a/data/5_Security/image_security_scan.yaml b/data/5_Security/image_security_scan.yaml index 8ec4eb3..9bdfce2 100644 --- a/data/5_Security/image_security_scan.yaml +++ b/data/5_Security/image_security_scan.yaml @@ -1,15 +1,15 @@ questions: - uuid: b36df24b-b1b6-47a2-b8c1-4d0b4c98f689 - question: Which platform in Docker Enterprise allows scanning images for vulnerabilities? + question: Which platform in Docker Enterprise (now Mirantis) allows scanning images for vulnerabilities? answers: - - { value: 'UCP (Universal Control Plane)', correct: false } + - { value: 'UCP (Universal Control Plane, now MKE)', correct: false } - { value: 'Docker Hub', correct: false } - - { value: 'DTR (Docker Trusted Registry)', correct: true } + - { value: 'DTR (Docker Trusted Registry, now MSR)', correct: true } - { value: 'Docker CLI', correct: false } help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/dtr/security/scan-images.html - uuid: 3d30c8d6-bfcb-4bb5-b066-0b31633c7a2b - question: When is a security scan triggered on an image in DTR? + question: When is a security scan triggered on an image in DTR (now MSR)? answers: - { value: 'Only manually from the UI', correct: false } - { value: 'Immediately after the image is pushed', correct: true } @@ -18,7 +18,7 @@ questions: help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/dtr/security/scan-images.html#image-scanning-flow - uuid: 6e5297cf-98c5-4978-a5a2-d9b87f119038 - question: Which status in DTR indicates that an image has no critical vulnerabilities? + question: Which status in DTR (now MSR) indicates that an image has no critical vulnerabilities? answers: - { value: 'ScanPending', correct: false } - { value: 'Pass', correct: true } @@ -27,16 +27,16 @@ questions: help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/dtr/security/scan-images.html#scan-results - uuid: 51bd227f-7df8-48b4-8f90-1e88100cf037 - question: Where can the security results of an image be viewed in DTR? + question: Where can the security results of an image be viewed in DTR (now MSR)? answers: - - { value: 'In the DTR web interface under the specific image', correct: true } + - { value: 'In the DTR (now MSR) web interface under the specific image', correct: true } - { value: 'In the Swarm configuration', correct: false } - { value: 'On Docker Hub in the Security tab', correct: false } - { value: 'Using docker scan ', correct: false } help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/dtr/security/scan-images.html#scan-results - uuid: 4a4210c4-93dc-49f2-a00e-204660a0ccba - question: What type of vulnerabilities are detected by the DTR scanner? + question: What type of vulnerabilities are detected by the DTR (now MSR) scanner? answers: - { value: 'Dockerfile syntax errors', correct: false } - { value: 'Flaws in volumes', correct: false } @@ -57,13 +57,13 @@ questions: question: Is it possible to block the execution of vulnerable images using rules? answers: - { value: 'No, Docker does not offer this level of security', correct: false } - - { value: 'Yes, with admission rules in UCP', correct: true } + - { value: 'Yes, with admission rules in UCP (now MKE)', correct: true } - { value: 'Yes, but only on Docker Desktop', correct: false } - { value: 'Yes, but only via Docker Hub Pro', correct: false } help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/rbac/admission-control.html - uuid: a7e14311-5b38-4dd3-bf88-76d881e5e5bc - question: What vulnerability source is used by the DTR scanner? + question: What vulnerability source is used by the DTR (now MSR) scanner? answers: - { value: 'The NIST CVE (National Vulnerability Database)', correct: true } - { value: 'Dockerfile linting', correct: false } @@ -72,7 +72,7 @@ questions: help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/dtr/security/scan-images.html#scanner - uuid: 4dd21887-b9a0-41ae-b39e-0ef360f3c264 - question: What does the “ScanPending” status mean for an image in DTR? + question: What does the "ScanPending" status mean for an image in DTR (now MSR)? answers: - { value: 'No issues detected', correct: false } - { value: 'The scan is running or scheduled but not yet complete', correct: true } diff --git a/data/5_Security/security_identity_roles.yaml b/data/5_Security/security_identity_roles.yaml index 439bad5..73b3c29 100644 --- a/data/5_Security/security_identity_roles.yaml +++ b/data/5_Security/security_identity_roles.yaml @@ -1,6 +1,6 @@ questions: - uuid: 3aeb8d79-c346-4f29-95c7-3245ac9c7cb6 - question: In UCP, what does RBAC stand for? + question: In UCP (now MKE), what does RBAC stand for? answers: - { value: 'Role-Based Access Control', correct: true } - { value: 'Registry-Based Access Control', correct: false } @@ -9,7 +9,7 @@ questions: help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/rbac/ - uuid: 6f0a6a9e-3e91-472c-bd1c-8bdf1b179c92 - question: Which built-in RBAC role grants read-only access to UCP resources? + question: Which built-in RBAC role grants read-only access to UCP (now MKE) resources? answers: - { value: 'ViewOnly', correct: true } - { value: 'AuditRead', correct: false } @@ -27,7 +27,7 @@ questions: help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/rbac/default-roles.html - uuid: 4b4ff307-79f0-4e5a-8c87-0ae4b21b1ef4 - question: Which UCP role grants full access to resource actions? + question: Which UCP (now MKE) role grants full access to resource actions? answers: - { value: 'Operator', correct: false } - { value: 'RestrictedControl', correct: false } @@ -36,7 +36,7 @@ questions: help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/rbac/default-roles.html - uuid: 34781fc8-f57b-48e2-9b0e-4f2bbd54f5da - question: Which entity can be assigned an RBAC role in UCP? + question: Which entity can be assigned an RBAC role in UCP (now MKE)? answers: - { value: 'A container', correct: false } - { value: 'A volume', correct: false } @@ -45,7 +45,7 @@ questions: help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/rbac/manage-access.html - uuid: 05818c2f-b3c5-4dbb-939f-0ad5f98112c1 - question: What does the scope of a role in UCP define? + question: What does the scope of a role in UCP (now MKE) define? answers: - { value: 'The number of allowed actions', correct: false } - { value: 'The priority level of the role', correct: false } diff --git a/data/5_Security/ucp_client_bundle.yaml b/data/5_Security/ucp_client_bundle.yaml index b49f353..c3fc84f 100644 --- a/data/5_Security/ucp_client_bundle.yaml +++ b/data/5_Security/ucp_client_bundle.yaml @@ -1,15 +1,15 @@ questions: - uuid: 2b30bb2a-07de-44ae-835c-6b9117ab05f9 - question: What is the primary purpose of a UCP client bundle? + question: What is the primary purpose of a UCP (now MKE) client bundle? answers: - - { value: 'Connect DTR to Docker Hub', correct: false } + - { value: 'Connect DTR (now MSR) to Docker Hub', correct: false } - { value: 'Back up Docker volumes', correct: false } - - { value: 'Allow a user to connect to UCP via the Docker CLI with secure authentication', correct: true } - - { value: 'Deploy a new UCP instance', correct: false } + - { value: 'Allow a user to connect to UCP (now MKE) via the Docker CLI with secure authentication', correct: true } + - { value: 'Deploy a new UCP (now MKE) instance', correct: false } help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/user-access/create-client-bundle.html - uuid: a7c3c109-2b07-44b4-8418-7d171fc6fe95 - question: What does a UCP client bundle contain? + question: What does a UCP (now MKE) client bundle contain? answers: - { value: 'TLS certificates and Docker CLI configuration', correct: true } - { value: 'Log history', correct: false } @@ -45,12 +45,12 @@ questions: help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/user-access/create-client-bundle.html#use-client-bundle - uuid: 74e6e693-d376-486e-8d9e-79d60ce0bb0a - question: What condition must be met for a UCP user to download their client bundle? + question: What condition must be met for a UCP (now MKE) user to download their client bundle? answers: - - { value: 'Have access to DTR', correct: false } + - { value: 'Have access to DTR (now MSR)', correct: false } - { value: 'Be logged in as root', correct: false } - { value: 'Be a member of the Admin team only', correct: false } - - { value: 'Have the `Generate Client Bundle` permission in their UCP role', correct: true } + - { value: 'Have the `Generate Client Bundle` permission in their UCP (now MKE) role', correct: true } help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/user-access/create-client-bundle.html#access-control - uuid: 2ea49720-6b0d-4391-b5f7-24fae88a07d5 @@ -59,7 +59,7 @@ questions: - { value: 'Because it blocks port 443', correct: false } - { value: 'Because it contains private certificates and keys specific to a user', correct: true } - { value: 'Because it expires every 2 minutes', correct: false } - - { value: 'Because it contains the UCP image', correct: false } + - { value: 'Because it contains the UCP (now MKE) image', correct: false } help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/user-access/create-client-bundle.html#security - uuid: c9390103-5a79-4a50-92d8-9a2b17804287 diff --git a/data/5_Security/ucp_ldap_ad_integration.yaml b/data/5_Security/ucp_ldap_ad_integration.yaml index 98d5513..e431ecc 100644 --- a/data/5_Security/ucp_ldap_ad_integration.yaml +++ b/data/5_Security/ucp_ldap_ad_integration.yaml @@ -1,6 +1,6 @@ questions: - uuid: 15717e2b-bb77-46b7-b2aa-659e34d82a50 - question: What is the main purpose of integrating UCP with LDAP or Active Directory? + question: What is the main purpose of integrating UCP (now MKE) with LDAP or Active Directory? answers: - { value: 'Speed up image transfers', correct: false } - { value: 'Enable centralized user authentication', correct: true } @@ -9,7 +9,7 @@ questions: help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/idmgmt/external-auth/index.html - uuid: 3a90c8f2-7f4d-4608-8e6d-bf1327384d3c - question: Which UCP option allows mapping LDAP groups to teams? + question: Which UCP (now MKE) option allows mapping LDAP groups to teams? answers: - { value: 'Federated Login Sync', correct: false } - { value: 'RBAC Sync', correct: false } @@ -27,16 +27,16 @@ questions: help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/idmgmt/external-auth/index.html#required-settings - uuid: 14f7ac14-41f4-41ec-b2a0-47d8eb0ff705 - question: Which interface allows configuring LDAP in UCP? + question: Which interface allows configuring LDAP in UCP (now MKE)? answers: - { value: '/etc/docker/ucp-ldap.conf file', correct: false } - - { value: 'Web Admin interface or UCP API', correct: true } + - { value: 'Web Admin interface or UCP (now MKE) API', correct: true } - { value: 'docker config set --ldap', correct: false } - { value: 'kubectl CLI', correct: false } help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/idmgmt/external-auth/index.html#configure-authentication - uuid: fbd028b4-832e-42cb-80b2-baa87d7353b9 - question: Which secure protocol is recommended for the connection between UCP and LDAP? + question: Which secure protocol is recommended for the connection between UCP (now MKE) and LDAP? answers: - { value: 'LDAPS (LDAP over SSL/TLS)', correct: true } - { value: 'HTTP', correct: false } @@ -45,7 +45,7 @@ questions: help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/idmgmt/external-auth/index.html#required-settings - uuid: 44a75e71-464f-44d5-b7aa-1e59e35c02a0 - question: Which field must be filled in for UCP to query the LDAP server? + question: Which field must be filled in for UCP (now MKE) to query the LDAP server? answers: - { value: 'Node Token', correct: false } - { value: 'Image Pull Secret', correct: false } @@ -54,7 +54,7 @@ questions: help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/idmgmt/external-auth/index.html#required-settings - uuid: 4207e0d3-dc14-4666-b245-68e6895f10d4 - question: Once LDAP is configured, how are users added in UCP? + question: Once LDAP is configured, how are users added in UCP (now MKE)? answers: - { value: 'Manually via CSV import', correct: false } - { value: 'Automatically upon first successful login', correct: true } diff --git a/data/5_Security/ucp_rbac_config.yaml b/data/5_Security/ucp_rbac_config.yaml index 150362f..763e09b 100644 --- a/data/5_Security/ucp_rbac_config.yaml +++ b/data/5_Security/ucp_rbac_config.yaml @@ -1,6 +1,6 @@ questions: - uuid: 0fc6d4e7-0179-48bb-b7e8-2a391d0c57f3 - question: What does RBAC mean in the context of Docker UCP? + question: What does RBAC mean in the context of Docker UCP (now MKE)? answers: - { value: 'Role-Based Access Control', correct: true } - { value: 'Remote Backup Admin Console', correct: false } @@ -9,7 +9,7 @@ questions: help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/rbac/ - uuid: e271c7fd-2315-4d19-a08c-5bd614746847 - question: Which UCP component allows defining roles and permissions? + question: Which UCP (now MKE) component allows defining roles and permissions? answers: - { value: 'RBAC', correct: true } - { value: 'Compose CLI', correct: false } @@ -18,7 +18,7 @@ questions: help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/rbac/ - uuid: 80129f0d-e8de-4034-97b0-96178b39b2e6 - question: Which entity can be assigned an RBAC role in UCP? + question: Which entity can be assigned an RBAC role in UCP (now MKE)? answers: - { value: 'A volume', correct: false } - { value: 'A user or a team', correct: true } @@ -27,7 +27,7 @@ questions: help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/rbac/manage-access.html - uuid: c4c84f21-5d8d-4e1d-8ab2-0ef03c88b9b7 - question: What is the possible scope of a role in UCP? + question: What is the possible scope of a role in UCP (now MKE)? answers: - { value: 'Domain name, DNS, logs', correct: false } - { value: 'Service, namespace, container, node', correct: true } @@ -36,7 +36,7 @@ questions: help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/rbac/ - uuid: 8e352f44-30f3-42b4-b503-4c99ec93e764 - question: Which RBAC role allows view-only access to resources in UCP? + question: Which RBAC role allows view-only access to resources in UCP (now MKE)? answers: - { value: 'Operator', correct: false } - { value: 'AdminAccess', correct: false } @@ -54,16 +54,16 @@ questions: help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/rbac/manage-access.html - uuid: c1a99418-b50c-4e5a-9186-e28eb8d46f86 - question: Where can RBAC roles be managed in UCP? + question: Where can RBAC roles be managed in UCP (now MKE)? answers: - { value: 'In the /etc/docker/daemon.json file', correct: false } - { value: 'In the Dockerfile', correct: false } - { value: 'Only with kubectl', correct: false } - - { value: 'In the UCP web interface or via API', correct: true } + - { value: 'In the UCP (now MKE) web interface or via API', correct: true } help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/rbac/manage-access.html - uuid: f4960718-c05b-4f09-85ee-2e21a3fdde2d - question: Can custom RBAC roles be created in UCP? + question: Can custom RBAC roles be created in UCP (now MKE)? answers: - { value: 'Yes, but only for registries', correct: false } - { value: 'No, this requires Docker Hub Pro', correct: false } @@ -72,9 +72,9 @@ questions: help: https://docs.mirantis.com/docker-enterprise/v3.1/dockeree-products/ucp/rbac/custom-roles.html - uuid: a56ae8b1-7054-4c41-8461-2d89c35c4f0a - question: Which API allows automating RBAC configuration in UCP? + question: Which API allows automating RBAC configuration in UCP (now MKE)? answers: - - { value: 'UCP RBAC HTTP API', correct: true } + - { value: 'UCP (now MKE) RBAC HTTP API', correct: true } - { value: 'Kubernetes RBAC CRDs', correct: false } - { value: 'Docker Swarm REST API', correct: false } - { value: 'Docker CLI scan API', correct: false }