The Ultimate Docker Certification (DCA) Guide for 2023
One of the ways to stand out as a DevOps engineer is to gain certifications that attest to your expertise with DevOps tools. One of the most recognized and sought-after certifications is Docker Certified Associate (DCA).
This article analyzes the DCA exam curriculum and resources that can help you crack the certification test.
Why Get a Docker Certification?
Getting a Docker certification is a great way to demonstrate your knowledge and expertise in containerization. With Docker's increasing popularity, having a certification can set you apart from other candidates in the job market and open up new opportunities for career growth. Additionally, Docker certifications provide a strong foundation for learning related technologies and can help you become a more valuable asset to any organization.
Docker Certification Curriculum
The DCA Certification - awarded by Docker (proctored by Examity) - helps highlight your familiarity and expertise with application deployment using Docker. To pass the exam, you need to know container orchestration, service creation, and Docker Swarm.
Below are a few of the key concepts - and their weightage - that you should get hands-on experience with while preparing for a DCA certification:
Container Orchestration
This part essentially covers the basics of Docker and container orchestration; it carries about 25% of the total mark of your DCA exam. Additionally, you are also required to learn various container orchestration tools.
Below is a breakdown of the container orchestration part:
- Setting up a swarm mode clusters
- Locking a swarm cluster
- Deploying applications into stack files
- Running a service vs. Running a container
- Manage a stack of running services
- Replication of services
- Replicated and global services
- Troubleshoot a non-deploying service
- Communication in Docker applications and legacy systems
- Service templates.
Ensures you learn the basics of container orchestration, including containerized application deployment, managing release updates, and configuring failed containers. On successful completion of this part, it is expected that you’ll be able to create your first orchestrated, containerized application.
Docker Swarm and Kubernetes
Both Kubernetes and Docker Swarm are popular choices for container orchestration. Kubernetes focuses on open-source and modular orchestration, offering an efficient container orchestration solution for high-demand applications with complex configurations. On the other hand, Docker Swarm emphasizes ease of use, making it most suitable for simple applications that are quick to deploy and easy to manage. As you prepare for the DCA exam, you are required to have a working knowledge of both of these tools.
Try the Docker Compose Labs for free
Image Creation, Registry, and Management
This part carries about 20% of your overall mark in a DCA test. All Docker containers are based on images (static files containing everything needed to run an application). They are like a snapshot of a container that, when executed, creates a Docker container.
Below is a breakdown of this part:
- Dockerfile options
- Creating images using Dockerfile
- Image management using CLI commands
- Docker image layers
- Deploying, configuring, and logging into the registry
- Pushing, signing, and pulling images from the registry
- Image deletion
- Tagging images
Installation and Configuration
This is considered the most crucial part of the entire DCA learning. Though installation and configuration account for 15% of your total score, it should be noted that in the real world, a thorough knowledge of these concepts comes in handy almost regularly.
Content covered in installation and configuration includes:
- Upgrading the Docker engine
- Installing the Docker engine on various platforms
- Logging drivers
- User and team creation, user management
- Sizing requirements
- Client-server authentication for image registry access
This part familiarizes you with the Docker Universal Control Plane (UCP), Docker Daemon, and the Docker Trusted Registry (DTR).
Security & Networking
Networking and Security each carry 15% of the total score weightage. Networking in Docker involves connecting containers using Network Drivers. To fully grasp networking for the DCA exam, you’ll have to understand concepts such as:
- Building Docker Bridge Networks for developer use
- Troubleshooting logs
- Publishing application ports
- Identifying container ports and IP addresses
- Describing the various types of network drivers
- Configuring the Docker engine to use an external DNS
- Performing HTTP and HTTPS load-balancing
- Types of traffic on Docker Networks
- Deploying services on Docker Networks
The DCA security chapter explores all authentication, encryption, and transport layer security content. This chapter will include:
- Ensuring images pass security scans
- The process of signing images
- Docker Content Trust
- Docker engine security
- Swarm security
- Distinguishing UCP workers from managers
- Mutual Transport Layer Security (MTLS)
- Using external certificates with the Docker universal control plane
Storage and Volumes
This chapter carries about 10% of your total exam score. Volumes offer a way to store information in Docker. For the DCA Associate exam, it is expected that you develop an understanding of the following:
- How to quickly create volumes
- The differences between volumes and bind mounts
- Volume drivers and their most suitable use cases
- Use of the device mapper
- Object storage vs. block storage
- Filesystem layers
- Persistent storage in Docker
- Cleanup of unused images
- Storage in cluster nodes
Docker Enterprise Edition
The Docker Enterprise Edition (EE) is created for applications with mission-critical deployments. This gives you a managed solution with advanced container management, security scanning, and application logging & monitoring. This version can be deployed on all major Server operating systems, including Red Hat Enterprise Linux (RHEL), Ubuntu, Oracle Linux, Windows Server 2016, and SUSE Linux Enterprise Server (SLES). It is also available for major cloud providers, including Azure and AWS.
Exam Preparation
Certification Format Explanation
The Docker Certified Associate Exam takes one and a half hours and consists of 55 questions, including 44 Discrete Option Multiple-Choice (DOMC) and 11 Multiple-Choice (MCQ) questions. In DOMC, options are randomly shown so that the examinee can choose a YES or a NO. On the other hand, there are multiple correct answers for MCQ questions, all of which the examinee has to select.
Examity proctors this exam, and you can register by clicking this link. While there are no prerequisites, it is recommended that you have 6-12 months of experience with Docker to be fully prepared for the exam. The exam fee is $195, and there are no free retakes if you fail. You may, however, reschedule the exam before taking the test, so don’t feel pressured to take the exam unless you are completely ready.
Docker Certified Associate (DCA) Study Plan
As you prepare to study for your DCA exam, it is best to plan well to ensure that you do not miss any important topics and that you do not get overwhelmed with the amount of knowledge flowing in.
To plan well, you may divide the entire study into three parts –
- The first is a lab setup that you can use for practice demos. This could either be a local Docker Command Line Interface (CLI), an on-cloud platform like AWS (if you have a subscription), or an Online Playground that emulates the Docker CLI.
- The second consideration as part of your plan should include a set of practice exams that let you acquaint yourself with Discrete Option Multiple Choice (DOMC) and Multiple Choice Question (MCQ) exam formats used in the exam. To help with this, KodeKloud provides research questions, practice tests, and mock exams in both MCQ and DOMC format to familiarize you with the certification exam.
- Look for helpful resources for meaningful research. Through KodeKloud’s practice lesson lectures, you can understand the DCA curriculum in a structured manner. Such lectures also act as great resources for understanding Docker commands and options, which come in handy during the exam. Ensure that your approach to learning is more practical than theoretical and that it helps solve real-world problems.
As the ultimate focus, your plan should be to gather knowledge that helps you gain a working knowledge of Docker in real world scenarios.
Study Schedule
Section | Total Learning Time (Hours) | Days (@ 2 Hrs/Day) | Days (@ 4 Hrs/Day) | Days (@ 6 Hrs/Day) |
Docker Architecture | 20 | 10 | 5 | 3 |
Images | 20 | 10 | 5 | 3 |
Security | 8 | 4 | 2 | 1 |
Networking | 14 | 7 | 3.5 | 2 |
Storage | 8 | 4 | 2 | 1 |
Docker Compose | 12 | 6 | 3 | 2 |
Docker Swarm | 26 | 13 | 6.5 | 4 |
Kubernetes | 32 | 16 | 8 | 5 |
Docker Engine Enterprise | 12 | 6 | 3 | 2 |
Docker Trusted Registry | 6 | 3 | 1.5 | 1 |
Disaster Recovery | 8 | 4 | 2 | 1 |
Mock Exams | 28 | 14 | 7 | 5 |
Total | 194 | 3 Months | 1.5 Months | 1 Month |
The Study Schedule above indicates various subject areas you’ll need to cover, categorized into sections with estimated study times based on studying speeds.
The topics – Docker Architecture, Docker Swarm, Kubernetes, and Images, carry the bulk of the work, each taking over 20 hours to study. While topics on Security, Networking, and Disaster Recovery require roughly 8 hours for certification-level expertise. As part of the Study Schedule, you also need to take several mock exams covering each subject, requiring up to 28 hours of your time.
In total, to gain expert-level knowledge to help clear the DCA certification, we estimate that you’ll need to practice for three months if you’re learning for two hours a day, 1.5 months studying four hours a day, and one month studying 6 hours a day.
Sample Questions
Here is a quick quiz to help you assess your knowledge. Leave your answers in the comments below and tag us back.
Quick Tip – The questions below include a mix of DOMC and MCQ types.
- Which statement best describes Quorum?
[A] Quorum is the minimum number of nodes that must be available for the cluster to function properly
[B] In the case of 3 manager nodes, the quorum is 3
[C] One of the best practices: maintain an odd number of managers in the swarm to support manager node failures
2. Which of the following is a recommended best practice while taking backups of a swarm cluster?
[A] Perform the backup operations from a swarm manager node that is a leader
[B] Perform the backup operations from a swarm worker node
[C] Perform the backup operations from a swarm manager node that is not a leader
3. Which of the following steps are required to add a worker node in the UCP cluster?
[A] Provision a node and Install the Docker enterprise engine on it
[B] Run the docker swarm join
command to join the new node to the cluster
[C] Deploy an instance of the ucp-agent
on the new node
[D] ucp-agent
then installs the necessary components on the worker node
4. What will happen if the container consumes more memory than its limit?
[A] The container will not be killed
[B] the container will be killed with an Out of Memory exception
[C] the container’s memory usage will be throttled
5. How does docker map a port on a container to a port on the host?
[A] Using an internal load balancer
[B] FirewallD Rules
[C] Using an external load balancer
[D] IPTables Rules
6. Which of the following solutions supports network policies?
[A] kube-router
[B] Calico
[C] Flannel
[D] Weave-Net
7. Which command can be used to stop (only and not delete) the whole stack of containers created by the compose file?
[A] docker-compose down
[B] docker-compose stop
[C] docker-compose destroy
[D] docker-compose halt
8. What is the command to run 3 instances of httpd on a swarm cluster?
[A] docker swarm service create --instances=3 httpd
[B] docker swarm service create --replicas=3 httpd
[C] docker service create --instances=3 httpd
[D] docker service create --replicas=3 httpd
9. In which service does the DTR image scanning occur?
[A] A service known as the dtr-jobrunner
container
[B] A service known as the dtr-registry
container
[C] A service known as the dtr-api
container
[D] A service known as the dtr-runner
container
10. Assume that you have 3 managers in your cluster; what will happen if 2 managers fail at the same time? Select all the right answers.
[A] The services hosted on the available worker nodes will continue to run
[B] The services hosted on the available worker nodes will stop running
[C] New services/workers can be created or added
[D] New services/workers can’t be created or added
Study Resource
Enroll in our Docker Certified Associate Exam Course.
More on Docker Certification:
- Docker Certified Associate Exam Series (Part-1): Container Orchestration
- Docker Certified Associate Exam Series (Part-2): Kubernetes
- Docker Certified Associate Exam Series (Part-3): Image Creation, Management, and Registry
- Docker Certified Associate Exam Series (Part-4): Installation and Configuration
- Docker Certified Associate Exam Series (Part-5): Networking
- Docker Certified Associate Exam Series (Part-6): Docker Engine Security
- Docker Certified Associate Exam Series (Part-7): Docker Engine Storage & Volumes