Why Get a Docker Certification?
With a rising pattern of organizations adopting Cloud services, Docker continues to gain popularity. At its core, Docker aids in containerization, that is, for the packaging of applications into modules that can easily be replicated and scaled independently. Unarguably, as more applications are moving to the cloud, being an expert in Docker makes you a hot-skilled candidate in the modern IT world.
In this article today, we would run through the Docker Certified Associate (DCA) exam curriculum and helpful resources to crack the certification test.
Curriculum Covered in Docker Certification
The DCA Certification is awarded by Docker (proctored by Examity) that helps highlight your familiarity and expertise with application deployment using Docker. In the exam, apart from your knowledge of Container Orchestration, you are required to have a working knowledge of Docker Enterprise Edition and Docker Swarm. On passing this exam, you’ll have proven that you can install and configure containerized applications using Docker, making it a useful benchmark of your IT skills.
Below are few of the key concepts based on their weightage that you should get hands-on while you start preparing for a DCA certification:
This part essentially covers Basics of Docker and Container Orchestration; and carries about 25% of the total mark of your DCA exam. Additionally, you are also required to learn various Container Orchestration Tools that help automate the process of managing containers.
Content break-up on container orchestration includes:
- Setting up a Swarm Mode Cluster
- Locking a Swarm Cluster
- Deploying Applications into Stack Files
- Running a Service vs. Running a Container
- Manage a stack of running services
- Replication of Services
- Replicated and Global Services
- Troubleshoot a non-deploying Service
- Communication among Docker Applications and Legacy Systems
- Service Templates
An essential part of this content ensures that you learn the basics of container orchestration, including tools that automate deployment of containerized applications, manage release updates, and configure failed containers. On successful completion of this part, it is expected that you’ll be able to create your first orchestrated, containerized application.
Both Kubernetes and Docker Swarm are popular choices of container orchestration. In essence, Kubernetes focuses on open-source and modular orchestration, offering an efficient container orchestration solution for high-demand applications with complex configuration. On the other hand, Docker Swarm emphasizes ease of use, making it most suitable for simple applications that are quick to deploy and easy to manage. As you prepare for the DCA exam, you are required to have a working knowledge of both of these tools and should be aware about their most appropriate use-cases in different scenarios.
Image Creation, Registry and Management
Image Creation, Management and Registry carries about 20% weightage of your overall mark in a DCA test. All Docker containers are based on images, which are the building blocks of containerized applications. An image is, in fact, the executable package containing all components you’ll need to run your application.
For the Docker Certified Associate Exam, the content will include:
- Dockerfile Options
- Creating Images using Dockerfile
- Image Management using CLI commands
- Docker Image Layers
- Deploying, Configuring and Logging into Registry
- Pushing, Signing and Pulling Images from the Registry
- Image Deletion
- Tagging Images
Installation and Configuration
This is considered to be the most crucial part of the entire DCA learning. Though Installation and Configuration accounts for 15% of your total score, it should be noted that in a real-world a thorough knowledge of these concepts would come in handy almost regularly.
Content covered in Installation and Configuration includes:
- Upgrading the Docker Engine
- Installing the Docker Engine on Various Platforms
- Logging Drivers
- User and Team Creation, User Management
- Sizing Requirements
- Client-Server Authentication for Image Registry Access
As an essential part, you will also familiarize yourself with the Docker Universal Control Plane (UCP), Docker Daemon and the Docker Trusted Registry (DTR).
Security & Networking
Networking and Security each carry 15% of the total score weightage. Networking in Docker involves connecting containers using Network Drivers. To fully grasp networking for the DCA exam, you’ll have to understand concepts such as:
- Building Docker Bridge Networks for developer use
- Troubleshooting logs
- Publishing application ports
- Identifying container ports and IP addresses
- Describing the various types of network drivers
- Configuring the Docker engine to use an external DNS
- Performing HTTP HTTPS load-balancing
- Types of traffic on Docker Networks
- Deploying services on Docker Networks.
The DCA security chapter explores all content relating to authentication, encryption and transport layer security. This chapter will include:
- Ensuring images pass security scans
- The process of signing images
- Docker Content Trust
- Docker Engine Security
- Swarm Security
- Distinguishing UCP workers from managers.
- Mutual Transport Layer Security (MTLS)
- Using External Certificates with the Docker Universal Control Plane
Storage and Volumes
This chapter carries about 10% of your total exam score. Volumes offer a way to store information in Docker. For the DCA Associate exam, it is expected that you develop an understanding of:
- How to quickly create volumes
- The differences between volumes and bind mounts
- Volume drivers and their most suitable use-cases
- Use of the device mapper
- Object storage vs. block storage
- Filesystem layers
- Persistent storage in Docker
- Cleanup of unused images
- Storage in cluster nodes.
Docker Enterprise Edition
The Docker Enterprise Edition (EE) is created for applications with mission-critical deployments. This gives you a managed solution, complete with advanced container management, security scanning and application logging & monitoring. This version can be deployed on all major Server operating systems, including Red Hat Enterprise Linux (RHEL), Ubuntu, Oracle Linux, Windows Server 2016 and SUSE Linux Enterprise Server (SLES). It is also available for major cloud providers, including Azure and AWS.
The Docker Certified Associate Exam is of one and a half hours and consists of 55 questions, including 44 Discrete Option Multiple-Choice (DOMC) and 11 Multiple-Choice (MCQ) questions. In DOMC, options are randomly shown at a time for the examinee to choose a YES or a NO. On the other hand, in a MCQ question there are multiple correct answers, all of which the examinee has to select discreetly. This exam is proctored by Examity, and you can register by clicking this link. While there are no prerequisites, it is recommended that you should have used Docker for 6-12 months to be fully prepared for the exam. The exam fee is $195 and there are no free retakes if you flunk. You may however reschedule the exam prior to taking the test, so don’t feel pressured to take the exam unless you are completely ready.
Docker Certified Associate (DCA) Study Plan
As you prepare to study for your DCA exam, it is best to plan well to make sure that you do not miss any important topics, while ensuring that you do not get overwhelmed with the amount of knowledge flowing in.
To plan well, you may divide the entire study into three parts –
- The first is a lab setup that you can use for practice demos. This could either be a local Docker Command Line Interface (CLI), an on-cloud platform like AWS (if you have a subscription), or an Online Playground that emulates the Docker CLI.
- The second consideration as part of your plan should include a set of practice exams that lets you acquaint yourself with Discrete Option Multiple Choice (DOMC) and Multiple Choice Question (MCQ) exam formats used in the exam. To help with this, KodeKloud provides research questions, practice tests, and mock exams in both MCQ and DOMC format that helps you get familiarised with the certification exam.
- Lastly, but most importantly, you should plan to consider helpful resources for meaningful research. Through KodeKloud’s practice lesson lectures, you can get an in-depth understanding of the DCA curriculum in a structured schedule. Such lectures also act as great resources to understand various Docker commands, options, and tips which often act handy for a thorough understanding of Docker. Ensure that your approach to learning is more practical than theoretical that helps solve real-world problems. As such, some questions in the DCA exam will check your knowledge of commands, command options, and shortcuts.
As the ultimate focus, your plan should be to gather knowledge that helps you gain a working knowledge of Docker in a practical world.
The Study Schedule above indicates various subject areas you’ll need to cover, categorized into sections with estimated study times based on studying speeds.
The topics – Docker Architecture, Docker Swarm, Kubernetes and Images, carry the bulk of the work, each taking over 20 hours to study. While the topics on Security, Networking, and Disaster Recovery roughly require eight hours for certification level expertise. As part of the Study Schedule, you will also take several mock exams covering each of the subjects, requiring up to twenty-eight hours of your time.
In total, to gain expert-level knowledge helping clear the DCA certification, we estimate that you’ll need to practice for 3 months if you’re learning for two hours a day, 1.5 months studying four hours a day and one month studying 6 hours a day.
Here is a quick quiz to help you assess your knowledge. Leave your answers in the comments below and tag us back.
Quick Tip – Questions below include a mix of DOMC and MCQ types.
- Which statement best describes Quorum?
[A] Quorum is the minimum number of nodes that must be available for the cluster to function properly.
[B] In the case of 3 manager nodes, the quorum is 3
[C] one of the best practises; maintain an odd number of managers in the swarm to support manager node failures.
- Which of the below is a recommended best practice while taking backups of a swarm cluster?
[A] Perform the backup operations from a swarm manager node that is a leader
[B] Perform the backup operations from a swarm worker node
[C] Perform the backup operations from a swarm manager node that is not a leader
**Explanation** It is better to perform a backup operation on a swarm node that is not the leader to avoid leader re-election.
- Which of the following steps are required to add a worker node in the UCP cluster?
[A] Provision a node and Install Docker enterprise engine on it.
[B] Run the <code>docker swarm join</code> command to join the new node to the cluster.
[C] Deploy an instance of the ucp-agent on the new node.
[D] ucp-agent then installs the necessary components on the worker node
- What will happen if the container consumes more memory than its limit?
[A] the container will not be killed
[B] the container will be killed with an Out of Memory exception
[C] the container’s memory usage will be throttled
- How does docker map a port on a container to a port on the host?
[A] Using an internal load balancer
[B] FirewallD Rules
[C] Using an external load balancer
[D] IPTables Rules
- Which of the following solutions support network policies?
- Which command can be used to stop (only and not delete) the whole stack of containers created by compose file?
[B] <code>docker-compose stop</code>
[C] <code>docker-compose destroy</code>
[D] <code>docker-compose halt</code>
- What is the command to run 3 instances of httpd on a swarm cluster?
[A] <code>docker swarm service create –instances=3 httpd</code>
[B] <code>docker swarm service create –replicas=3 httpd</code>
[C] <code>docker service create –instances=3 httpd</code>
[D] <code>docker service create –replicas=3 httpd</code>
- In which service does the DTR image scanning occur?
[A] A service known as the dtr-jobrunner container
[B] A service known as the dtr-registry container
[C] A service known as the dtr-api container
[D]A service known as the dtr-runner container
- Assume that you have 3 managers in your cluster, what will happen if 2 managers fail at the same time? Select the all right answers.
[A] The services hosted on the available worker nodes will continue to run.
[B] The services hosted on the available worker nodes will stop running.
[C] New services/workers can be created or added.
[D] New services/workers can’t be created or added.
Docker Certification Readiness Test
To assess where you stand in your certification journey, take this Docker Certification Readiness Test: https://kodekloud.com/p/docker-certification-readiness-test