30 DCA Questions #1: Test Your Docker Knowledge
certificationintermediate

30 DCA Questions #1: Test Your Docker Knowledge

Practice with 30 typical Docker Certified Associate exam questions. Interactive DOMC format, detailed explanations and common pitfalls to avoid.

Antoine C
15 min read
#docker#certification#dca#quiz#domc#questions#practice#docker certified associate

You know Docker, but are you really ready for the Docker Certified Associate exam?

This article offers you 30 typical questions across the 6 exam domains, using the DOMC (Discrete Option Multiple Choice) format identical to the real exam. One option at a time, YES or NO, no going back.

How to use this article:

  1. Interactive quizzes: 20 questions in DOMC format to practice under real conditions
  2. Text questions: 10 additional questions with detailed explanations
  3. Explanations: Each answer is justified to consolidate your knowledge

If you're not familiar with the DOMC format yet, check out our article What is DOMC? first to understand this unique format.

Prepare for DCA Exam with DOMC Quizzes
200+ questions in the exact DOMC format used in the official exam. Timer, detailed scoring, and complete explanations.
Start a DCA Quiz

Ready? Let's go!

Orchestration (25% of the exam)#

Orchestration is the most important domain of the DCA exam. It covers Docker Swarm, services, stacks, scaling and rolling updates.

25% de l'examen5 questions
Quiz : Orchestration
Format DOMC identique à l'examen. Une option à la fois, OUI ou NON.

Additional Questions - Orchestration#

Q6: What's the difference between docker service create and docker stack deploy?

docker service create creates a single service, while docker stack deploy deploys a multi-service application defined in a Compose file. Stacks are ideal for complex applications with multiple interdependent services.

bash
# Single service
docker service create --name web nginx

# Multi-service stack
docker stack deploy -c docker-compose.yml myapp

Q7: How do you force a service to redeploy without changing its configuration?

Use docker service update --force myapp. This command redeploys all replicas even if nothing has changed, useful for refreshing images or resetting state.

Q8: Which option limits the number of replicas updated simultaneously?

The --update-parallelism option controls how many replicas are updated in parallel. By default, it's 1 (sequential). --update-parallelism 2 updates 2 replicas at a time.

Ready to Try This Yourself?
Practice these Docker concepts in a real environment with hands-on scenarios.
Start Free SessionView Scenarios

Images & Registry (20% of the exam)#

This domain covers image creation with Dockerfile, registry management, and build best practices.

20% de l'examen4 questions
Quiz : Images & Registry
Format DOMC identique à l'examen. Une option à la fois, OUI ou NON.
Common pitfall: Build cache

The order of instructions in a Dockerfile affects the cache. Place instructions that rarely change (apt-get install) before those that change often (COPY source code). A modification invalidates the cache for all subsequent instructions.

Additional Questions - Images#

Q5: How do you reduce the size of a Docker image?

  • Use lightweight base images (alpine, distroless)
  • Combine RUN commands with &&
  • Use multi-stage builds
  • Clean caches in the same RUN instruction
  • Use .dockerignore to exclude unnecessary files

Q6: Which command shows the layer history of an image?

bash
docker image history myimage:v1
# or
docker history myimage:v1

Installation & Configuration (15% of the exam)#

This domain covers Docker installation, daemon configuration, storage drivers and logging.

15% de l'examen3 questions
Quiz : Installation & Configuration
Format DOMC identique à l'examen. Une option à la fois, OUI ou NON.

Additional Questions - Configuration#

Q4: How do you configure Docker to use a registry mirror?

In /etc/docker/daemon.json:

json
{
  "registry-mirrors": ["https://mirror.example.com"]
}

Q5: Which logging driver sends logs to a centralized system?

Docker supports several logging drivers: json-file (default), syslog, journald, fluentd, gelf, awslogs. For a centralized system, fluentd or gelf are recommended.

Networking (15% of the exam)#

This domain covers Docker networks, overlay networks, internal DNS and load balancing.

15% de l'examen3 questions
Quiz : Networking
Format DOMC identique à l'examen. Une option à la fois, OUI ou NON.
Put Theory Into Practice
Apply what you've learned with interactive Docker scenarios and real environments.
Try It NowView Scenarios

Additional Questions - Networking#

Q4: What's the difference between host and ingress modes for a published port?

  • Ingress mode (default): The port is published on all Swarm nodes (routing mesh). Requests are load-balanced to replicas.
  • Host mode: The port is published only on nodes where the service runs. No routing mesh.
bash
# Ingress (default)
docker service create -p 8080:80 nginx

# Host mode
docker service create -p mode=host,target=80,published=8080 nginx

Q5: How do you inspect the network configuration of a container?

bash
docker inspect --format='{{json .NetworkSettings.Networks}}' mycontainer
# or
docker network inspect mynetwork
Master Docker Hands-On
Go beyond theory - practice with real containers and orchestration scenarios.
Start PracticingView Scenarios

Security (15% of the exam)#

This domain covers secrets, configs, content trust, capabilities and vulnerability scanning.

15% de l'examen3 questions
Quiz : Security
Format DOMC identique à l'examen. Une option à la fois, OUI ou NON.
Security pitfall: Secrets vs Environment Variables

Never store secrets in environment variables (ENV in Dockerfile or -e in docker run). Variables are visible in docker inspect and can leak in logs. Always use Docker Secrets for sensitive information.

Additional Question - Security#

Q4: Which Linux capabilities should you drop to enhance security?

By default, Docker already drops dangerous capabilities. To further harden:

bash
docker run --cap-drop ALL --cap-add NET_BIND_SERVICE nginx

Commonly dropped capabilities: SYS_ADMIN, NET_ADMIN, SYS_PTRACE. Only keep those strictly necessary.

Storage (10% of the exam)#

This domain covers volumes, bind mounts, and storage drivers.

10% de l'examen2 questions
Quiz : Storage
Format DOMC identique à l'examen. Une option à la fois, OUI ou NON.

Summary and Tips#

You've just gone through 30 questions covering the 6 domains of the DCA exam. Here are the key points to remember:

Most Challenging Domains#

  1. Orchestration (25%): This is the heaviest domain. Master docker service, docker stack, and rolling update options.

  2. Images & Registry (20%): Understand multi-stage builds and Dockerfile cache invalidation order well.

  3. Networking (15%): The routing mesh and differences between network types are often misunderstood.

Exam Tips#

  • Hands-on practice: The DOMC format rewards practical knowledge, not theory
  • Watch the syntax: --update-delay vs --update-interval, --from= vs --stage=
  • Read carefully: A valid command can be incorrect if it doesn't answer the question asked

Next Steps#

  1. Continue with 30 DCA Questions #2 for 30 new questions
  2. Redo the quizzes where you made mistakes
  3. Practice the commands in a real Docker environment
  4. Check out our article Preparing for DCA in 6 Weeks for a structured plan

Good preparation, and good luck on your DCA exam!

30 DCA Questions #1: Test Your Docker Knowledge