CertMaster Real Exam LPI 701–100 (124 QA)

Buy CertMaster Real Exam LPI 701–100 (124 QA) : $ 69

VCE + Test Engine : $ 69

Contact [email protected]

Cert Master Real Exam LPI 701–100: The Ultimate Document to Ace DevOps Tools Engineer Certification

Aspiring professionals seeking to excel in the DevOps domain can now rely on Cert Master Real Exam LPI 701–100 as the definitive preparation guide for the coveted DevOps Tools Engineer certification. This comprehensive document is thoughtfully curated to provide candidates with the necessary knowledge and skills required to excel in their careers and stand out in the competitive IT landscape.

DevOps has emerged as a critical methodology to enhance collaboration between development and operations teams, fostering agility and efficiency in the software development lifecycle. As organizations increasingly embrace DevOps practices, demand for certified DevOps professionals has surged significantly. The LPI DevOps Tools Engineer certification has become the gold standard for recognizing candidates’ expertise in various DevOps tools and methodologies.

Cert Master Real Exam LPI 701–100 is designed with the sole purpose of empowering aspiring DevOps professionals to confidently approach the certification exam. The document covers all the key areas outlined in the LPI exam objectives, ensuring that candidates acquire a comprehensive understanding of essential concepts.

Key Features of Cert Master Real Exam LPI 701–100:

1. Thorough Coverage: The guide covers the essential DevOps tools, methodologies, and best practices required for the certification exam. It delves into continuous integration, continuous delivery, containerization, configuration management, automation, and more.
2. Real-world Scenarios: Cert Master Real Exam LPI 701–100 presents real-world scenarios and hands-on exercises to simulate the challenges faced in practical DevOps environments. This approach helps candidates develop problem-solving skills and ensures they are ready to handle real-life scenarios.
3. Practice Questions: The document includes a rich set of practice questions and quizzes to help candidates assess their knowledge and identify areas that need further improvement. These questions mirror the exam format and difficulty level, making the learning experience more effective.
4. Expertly Authored: The guide is crafted by industry experts with extensive experience in the DevOps domain. Their expertise ensures that candidates receive accurate and up-to-date information on DevOps tools and practices.
5. Exam Tips and Strategies: Cert Master Real Exam LPI 701–100 offers valuable exam tips and strategies to boost candidates’ confidence and optimize their performance during the certification exam.

With Cert Master Real Exam LPI 701–100, aspiring DevOps Tools Engineers can embark on a transformative journey toward a successful career in DevOps. The document’s comprehensive content and practical approach make it a valuable resource for professionals at all levels of expertise.

To access Cert Master Real Exam LPI 701–100 and take the first step toward achieving the LPI DevOps Tools Engineer certification, visit [URL] today.

CertMaster is a leading provider of IT certification and training resources, dedicated to empowering professionals with the knowledge and skills needed to excel in their respective domains. With a team of industry experts and cutting-edge resources, CertMaster continues to drive excellence in the IT certification landscape.

Demo Questions :

1 — After creating a new Docker network using the following command:

docker network create — driver bridge isolated_nw

Which parameter must be added to docker create in order to attach a container to the network ?

A. — attach=isolated_nw

B. — network=isolated_nw

C. — ethernet=isolated_nw

D. — alias=isolated_nw

E. — eth0=isolated_nw

F. B. — network=isolated_nw

G. Explanation: When you create a new Docker network using docker network create, you specify the name of the network (in this case, isolated_nw) and the network driver (–driver bridge is the default bridge network driver).

H. To attach a container to the network, you need to use the –network option followed by the name of the network you want to connect the container to. In this case, the correct parameter to attach a container to the isolated_nw network is –network=isolated_nw.

I. For example, to create a container and attach it to the isolated_nw network, you would use a command like this:

docker create — name my_container — network=isolated_nw my_image

This will create a new container named my_container based on the image my_image and attach it to the isolated_nw network.

2 — After setting up a data container using the following command:

docker create -V/data — name datastore debian /bin/true

How is an additional new container started which shares the /data volume with the datastore container ?

A. docker run — volumes-form datastore — name service debian bash

B. docker run — share-with datastore — name service debian bash

C. docker run -V /data — name service debian bash

D. docker run -V datastore:/data — name service debian bash

E. docker run -volume-backend datastore -v/data — name service debian bash

3 — What is CoreOS Container Linux ?

A. A Linux based operating system distribution for running container hosts and clusters.

B. A container virtualization engine for the Linux Kernel, similar to Docker and rkt.

C. A simplified Linux distribution which only hosts Docker containers without any additional management interface.

D. A container orchestration tool which supports Docker an rkt containers.

E. A Linux distribution optimized to be used as the base image for creating container images.

CoreOS Container Linux is a Linux-based operating system distribution designed for running container hosts and clusters. It was originally developed by CoreOS, Inc., which was later acquired by Red Hat. The primary focus of CoreOS Container Linux is to provide a lightweight and secure platform for running containerized applications.

The correct answer is: A. A Linux-based operating system distribution for running container hosts and clusters.

4 — Which of the following statements in a Dockerfile leads to a container which outputs hello world ? (Choose TWO correct answers)

Please select 2 options.

A. ENTRYPOINT “echo Hello World”

B. ENTRYPOINT echo Hello World

C. ENTRYPOINT [ “echo”, “hello”, “world” ]

D. ENTRYPOINT [ “echo hello world” ]

E. ENTRYPOINT “echo”, “Hello”, “World”

F. The correct answers are:

G. A. ENTRYPOINT “echo Hello World” C. ENTRYPOINT [ “echo”, “hello”, “world” ]

H. Explanation:

I. In a Dockerfile, the ENTRYPOINT instruction is used to configure the command that will be executed when the container starts. The command specified in the ENTRYPOINT is not executed using a shell, which means you should use the JSON array format (option C) or a single string format (option A) to define the command and its arguments.

J. Option B is incorrect because it does not use the correct JSON array format.

K. Option D is incorrect because it uses a single string format, but it should be in JSON array format.

L. Option E is incorrect because it uses a mixed format, which is not valid for the ENTRYPOINT instruction.

5 — If docker stack is to be used to run a Docker Compose file on a Docker Swam, how are the images referenced in the Docker Compose configuration made available on the Swam nodes ?

A. docker stack instructs Swam nodes to pull the images from a registry, although it does not upload the images to the registry.

B. docker stack transfers the image from its local Docker cache to each Swam node.

C. docker stack passes the images to the Swam master which distributes the images to all other Swam nodes.

D. docker stack builds the images locally and copies them to only those Swam nodes which run the service.

E. docker stack triggers the build process for the images on all nodes of the Swam.

Best choice : A. docker stack instructs Swarm nodes to pull the images from a registry, although it does not upload the images to the registry.

Explanation:

When using docker stack to deploy a Docker Compose file on a Docker Swarm, the images referenced in the Docker Compose configuration are expected to be available in a container registry. The docker stack command instructs the Swarm nodes to pull the required images from the specified registry, making them available on the nodes where the services are deployed. It does not upload the images to the registry; rather, it pulls the images from the registry to each node as needed.

Option B, C, D, and E are not accurate descriptions of how images are made available on the Swarm nodes when using docker stack.

6 — A Docker swam contains the following node:

Which of the nodes should be configured as DOCKER_HOST in order to run services on the swam ? (Specify ONLY the HOSTNAME of one of the potential target nodes)

Answer:

To run services on the Docker swarm, any node with the status “Ready” and availability “Active” can be configured as DOCKER_HOST. Since all the nodes in the swarm have the same status and availability, you can choose any one of them. Let’s say you choose “node-1”:

Configure “node-1” as DOCKER_HOST to run services on the Docker swarm.

Please note that the manager status doesn’t directly impact the ability to run services. It indicates the node’s role as a manager in the swarm, which is responsible for orchestrating and managing the cluster, but it doesn’t prevent a worker node from running services.

7 — If a Dockerfile contains the following lines:

RUN cd /tmp

RUN echo test > test

Where is the file test located ?

A. /tmp/test within the container image. test in the directory holding the Dockerfile.

B. /root/test within the container image.

C. /tmp/test on the system running docker build

D. /test within the container image

Answer : A

The file “test” will be located in the container image at the path “/tmp/test”.

Explanation:

When you build a Docker image using a Dockerfile, each instruction in the Dockerfile is executed in a new intermediate container. The RUN instructions in the Dockerfile execute commands within this intermediate container, and any changes made to the container’s file system during these steps are committed to the final image.

In the given Dockerfile, the first RUN instruction changes the current working directory to “/tmp” within the intermediate container, and the second RUN instruction creates a file named “test” with the content “test” in that directory (“/tmp”). The changes made to the file system within the intermediate container will be captured and saved in the final image.

So, when you run a container from the built image, you can find the file “test” at the path “/tmp/test” within the container.

8 — Which of the following values would be valid in the FROM statement in a Dockerfile ?

A. file:/tmp/ubuntu/Dockerfile

B. registry:ubuntu:xential

C. docker://ubuntu:xenial

D. ubuntu:xenial

E. http://docker.example.com/images/ubuntu-xenial/iso

Best choice:

The valid value for the FROM statement in a Dockerfile is:

D. ubuntu:xenial

Explanation:

The FROM statement in a Dockerfile is used to specify the base image from which the new image should be built. The value of the FROM statement should be the name of an existing Docker image available on Docker Hub or a private container registry.

Option A (file:/tmp/ubuntu/Dockerfile) is not a valid value for the FROM statement. It seems to be a file path, not an image name.

Option B (registry:ubuntu:xential) is not a valid value for the FROM statement. It does not follow the correct syntax for specifying a Docker image.

Option C (docker://ubuntu:xenial) is not a valid value for the FROM statement. It includes a protocol (docker://) that is not used in the FROM statement.

Option E (http://docker.example.com/images/ubuntu-xenial/iso) is not a valid value for the FROM statement. It appears to be a URL, not an image name.

Only option D (ubuntu:xenial) follows the correct syntax for specifying an image name in the FROM statement. It means the Dockerfile will use the “ubuntu” image with the “xenial” tag as the base image for building the new image.

9 — Give the following Kubernetes deployment:

Which command scales the application to five containers ? *

NAME

myapp DESIRED 2 CURRENT 2 UP-TO-DATE 9 AVAILABLE AGE

0 17s

Q kubectl edit deployment/myapp replicas=5

Q kubectl deployment myapp replicas=5

(2) kubectl scale deployment/myapp — replicas=5

Q kubectl replicate deployment/myapp +3

Q kubectl clone depyment/myapp 3

10 — Which property of a Kubernetes Deployment specifies the number of instances to create for a specific Pod ? (Specify only the option name, no matter of its location in the object hierarchy)

Answer:

The property of a Kubernetes Deployment that specifies the number of instances to create for a specific Pod is:

replicas

The replicas property is used to define the desired number of instances (Pod replicas) for the application running inside the Deployment. By setting the replicas value, you can control how many identical copies of the Pod should be created and managed by the Kubernetes Deployment.

11 — Which sub command of docker volume deletes all volumes which are not associated with a container ? (Specify ONLY the sub command without any path or parameters)

Answer:

The sub command of Docker volume that deletes all volumes which are not associated with a container is:

prune

So the full command is docker volume prune. This command will remove all unused volumes, which means volumes that are not currently being used by any containers. Be careful when running this command, as it will permanently delete all unused volumes and their data.

12 — What is the purpose of a .dockerignore file ?

A. It specifies which parts of a Dockerfile should be ignored when building a Docker image.

B. It must be placed in the top level directory of volumes that Docker should never attached automatically to a container.

C. It exists in the root file system of containers that should ignore volumes and ports provided by Docker.

D. It specifies files that Docker does not submit to the Docker daemon when building a Docker image

E. It lists files existing in a Docker image which should be excluded when building a derivative image.

Best Choice : D. It specifies files that Docker does not submit to the Docker daemon when building a Docker image.

Explanation:

The purpose of a .dockerignore file is to specify which files and directories should be excluded from the context that is sent to the Docker daemon when building a Docker image using the docker build command. This allows you to control what files are included or ignored during the image building process.

The .dockerignore file works similarly to .gitignore in Git. It helps prevent unnecessary or sensitive files from being included in the image, reducing its size and avoiding potential security risks.

Option A is incorrect because a .dockerignore file does not affect the Dockerfile itself. It is used during the building process, not during the interpretation of the Dockerfile.

Option B and C are incorrect because a .dockerignore file is not related to volumes or ports in containers. It deals with files and directories during the image building process.

Option E is also incorrect because the .dockerignore file lists files that should be excluded from the context during image building, not files that should be excluded from an existing Docker image when creating a derivative image.

Top of Form

13 — Which of the following tasks are achievable using docker-machine ? (Choose THREE correct answers)

A. Start and stop Docker containers on remote Docker hosts.

B. Set environment variables to configure the docker command.

C. Install a new Docker host in a virtual machine.

D. Migrate running containers from on Docker host to another.

E. Open an interactive shell on a remote Docker host using an SSH connection.

The THREE correct answers are:

A. Start and stop Docker containers on remote Docker hosts.

C. Install a new Docker host in a virtual machine.

E. Open an interactive shell on a remote Docker host using an SSH connection.

Explanation:

A. Docker Machine allows you to start and stop Docker containers on remote Docker hosts. It provides a way to manage and control Docker hosts from your local machine.

C. Docker Machine can install Docker on a remote host, typically in a virtual machine. This allows you to easily create new Docker hosts on various platforms, including VirtualBox, VMware, AWS, etc.

E. Docker Machine allows you to open an interactive shell on a remote Docker host using an SSH connection, which is useful for managing the Docker host remotely and executing commands on it.

14 — What happens when the following command is executed twice in succession ?

docker run -tid -V data:/data debian bash

A. The second command invocation fails with an error stating that the volume data is already associated with a running container.

B. The container resulting from the second invocation can only read the content of /data/ and can not change it.

C. The original content of the container image data is available in both containers, although changes stay local within each container.

D. Both containers share the contents of the data volume, have full permissions to alter its content and mutually see their respective changes.

E. Each container is equipped with its own independent data volume, available at/data/ in the respective container.

Best Answer : E. Each container is equipped with its own independent data volume, available at /data/ in the respective container.

Explanation:

When the command docker run -tid -V data:/data debian bash is executed, it creates a new container from the “debian” image with an independent data volume named “data” mounted at the path “/data” inside the container. The -V flag is used to create a named volume that persists data outside the container.

If you execute the same command again (i.e., docker run -tid -V data:/data debian bash) for a second time, it will create another new container with its own independent data volume named “data.” Each container will have its own isolated data volume associated with it, and changes made in one container will not affect the other container’s data.

So, both containers will have access to their respective data volumes mounted at /data/ within each container, and any changes made in one container’s data volume will not be visible or affect the other container’s data volume. This provides isolation between the two containers in terms of data.

15 — When creating a new Docker network, which mechanisms are available for address assignments to containers on the new network ? (Choose TWO correct answers)

A. By default, Docker chooses an unused private address space and assigns addresses from this network to containers.

B. All networked containers must contain at least one IPADRRESS statement in their Dockerfile specifying the container’s address.

C. Docker does not configure IP addresses and replies on the containers to configure their network interface with a valid IP address.

D. By default, Docker requests one address per container using DHCP on the interface used by the host system’s default route.

E. docker network create allows specifying a network to be used for container addressing using — subnet.

F. The correct answers are:

G. A. By default, Docker chooses an unused private address space and assigns addresses from this network to containers. E. docker network create allows specifying a network to be used for container addressing using –subnet.

H. Explanation:

I. A. By default, Docker creates a bridge network for each new network, and it automatically assigns IP addresses to the containers from an unused private address space. This allows containers to communicate with each other within the bridge network.

J. E. When creating a new Docker network using docker network create, you can specify a subnet using the –subnet option. This allows you to define a specific address range for the containers within the network.

K. Options B, C, and D are not correct:

L. B. Containers do not require an IP address statement in their Dockerfile. The IP address assignment is handled by Docker, and the container does not explicitly specify its IP address in the Dockerfile.

M. C. Docker is responsible for configuring IP addresses for containers. It automatically assigns IP addresses to containers within the network. The containers do not configure their network interface with IP addresses.

N. D. Docker does not use DHCP to request IP addresses for containers by default. The IP address assignment is managed by Docker’s networking features, and it does not rely on the host system’s DHCP.

O. In summary, Docker handles IP address assignments for containers by default, and you can also specify a subnet when creating a new network using the docker network create command.

16 — The file myapp.yml exists with the following content:

version: “3”

services:

frontend:

image: frontend

ports:

– “80:80”

backend:

image: backend

deploy:

replicas: 2

Given that this file was successfully processed by docker stack deploy myapp — compose-file myapp.yml, which of the following objects might be created ?

(Choose THREE correct answers)

A. An overlay network called myapp_default

B. A node called myapp_frontend

C. A container called myapp_backend.2.ymia7v7of5g02j3j3i1btt8z

D. A volume called myapp_frontend.1

E. A service called myapp_frontend

Answer :

The correct answers are:

A. An overlay network called myapp_default C. A container called myapp_backend.2.ymia7v7of5g02j3j3i1btt8z E. A service called myapp_frontend

Explanation:

A. An overlay network called “myapp_default” will be created by Docker when using the docker stack deploy command. The default network name for a stack is the stack name followed by “_default.”

C. A container called “myapp_backend.2.ymia7v7of5g02j3j3i1btt8z” will be created. The container name includes the service name (“myapp_backend”) and a unique identifier for the specific instance of the container.

E. A service called “myapp_frontend” will be created based on the “frontend” service defined in the myapp.yml file. The service name is derived from the service definition in the Docker Compose file.

Option B and D are not correct:

B. A node called “myapp_frontend” will not be created. Nodes refer to individual worker nodes in a Docker Swarm cluster and are not automatically created based on service definitions.

D. A volume called “myapp_frontend.1” will not be created. The volumes section is not specified in the given Docker Compose file, so no named volumes will be automatically created based on the services defined in the file.

17 — What has to be done to configure Filebeat to submit log information to Logstash ? (Choose TWO correct answers)

A. Replace the input section of the Logstash configuration by a filebeat section

B. Add an output.logstash section to the Filebeat configuration and specify the Logstash server in that section’s hosts attribute.

C. Install Filebeat on the Logstash server and allow the Linux user running the Filebeat daemon to login to the remote host via SSH without using a password

D. Add a beats section to the input section of the Logstash configuration

E. Add the IP address of the Filebead node to the option accept option in the section ad of the Logstash input configuration.

18 — Which of the following best practices helpl to handle large amounts of log data when using the Elastic Stack for log management ? (Choose THREE correct answers)

A. Exclude obviously meaningless log data from log processing as early as possible.

B. Disable logging generally and only enable it in case of failures or errors.

C. Disable logging of all services and components which are externally monitored.

D. Frequently rotate logs on their origin systems and delete logs that were shipped to Logstash.

E. Leverage Elasticsearch indexes for the deletion of expired log data.

Answer :

The correct answers are:

B. Add an output.logstash section to the Filebeat configuration and specify the Logstash server in that section’s hosts attribute.

D. Add a beats section to the input section of the Logstash configuration.

Explanation:

A. This statement is incorrect because you don’t need to replace the input section of the Logstash configuration with a filebeat section. Filebeat and Logstash are separate components, and you configure them independently.

B. This is a correct step. To configure Filebeat to submit log information to Logstash, you need to add an “output.logstash” section in the Filebeat configuration file (usually named filebeat.yml). In this section, you specify the Logstash server’s IP address and port in the “hosts” attribute. This tells Filebeat where to send the log data.

C. This statement is incorrect. Filebeat does not need to be installed on the Logstash server. Filebeat is installed on the client/server that generates the logs you want to collect and ship to Logstash.

D. This is a correct step. In the Logstash configuration, you add a “beats” section to the input section. This allows Logstash to listen for incoming data from Filebeat, which uses the Beats input plugin to send data to Logstash.

E. This statement is incorrect. The “accept” option in the Logstash input configuration is used to specify which IP addresses are allowed to send data to Logstash. However, Filebeat communicates with Logstash using its own protocol, so you don’t need to use the “accept” option for Filebeat communication.

In summary, to configure Filebeat to submit log information to Logstash, you need to add an “output.logstash” section in the Filebeat configuration and specify the Logstash server’s IP address and port. Additionally, in the Logstash configuration, you add a “beats” section to the input section to allow Logstash to listen for incoming data from Filebeat.

19 — What happens if a grok filter in Logstash processes a log message which does not match the pattern in the filter’s match property ?

A. The message is passed to the unparseable output and no other filters are applied to it.

B. The message is truncated to those parts which have been matched by filters

C. The message is dropped and no other filters are applied to it.

D. The message is kept unchanged and no other filters are applied to it.

E. The message is flagged with the _grokparsefailiure tag

Answer :

E. The message is flagged with the _grokparsefailure tag.

Explanation:

When a grok filter in Logstash processes a log message that does not match the pattern specified in the filter’s match property, Logstash will not be able to extract meaningful data from the message. In such cases, Logstash will tag the message with the _grokparsefailure tag.

The _grokparsefailure tag indicates that the grok filter was unable to parse the log message using the specified pattern. This tagging helps to identify which log messages failed to match the expected pattern, which can be useful for troubleshooting and further processing in the Logstash pipeline.

The original log message remains unchanged, and no other filters are applied to it after the grok filter fails to match the pattern. The _grokparsefailure tag is simply added to the log event to indicate that the grok parsing was not successful.

20 — Consider the following log message:

which of the variables below are contained in the resulting event object ? (Choose TWO correct answers)

Jun 30 00:36:49 headnode clustermanager [12353Ị : new node 198.SI. 100.103

This log message IS processed by the following Logstash filter

grok {

match → t “message”, “% (SYSLOGBASE} new node %lIPORHOST:node} ** ] )

A. node

B. grok

C. SYSLOGBASE

D. IPORHOST

E. message

Besy choice :

The correct answers are:

C. SYSLOGBASE D. IPORHOST

Explanation:

The given log message is being processed by the following grok filter:

grok {

match => { “message” => “%{SYSLOGBASE} new node %{IPORHOST:node}” }

}

Let’s break down the pattern:

1. %{SYSLOGBASE}: This is a predefined pattern in Logstash used to match standard syslog timestamp and hostname fields. It includes the timestamp and hostname from the log message. In this case, it matches “Jun 30 00:36:49 headnode clustermanager [12353Ị :” in the log message.

2. new node: This part of the pattern matches the literal text “new node” in the log message.

3. %{IPORHOST:node}: This part of the pattern is used to match an IP address or hostname and save it in a field called “node”. In the log message, it matches “198.SI.100.103” as the IP address.

Based on the grok pattern, the resulting event object will have two fields:

C. SYSLOGBASE: It will contain the timestamp and hostname extracted from the log message.

D. IPORHOST: It will contain the IP address “198.SI.100.103” extracted from the log message and saved in the “node” field.

21 — What kind of data is provided to Prometheus by a monitored service ?

A. The monitored service provides metric values for kets defined in Prometheus’s monitoring schema.

B. The monitored service provides one metric value which replaces the former value of the service’s register in Prometheus.

C. The monitored service provides a status in terms of one of three well defined service states.

D. The monitored service provides an interface which Prometheus queries for the value of a specific metric key.

E. The monitored service provides arbitray pairs of keys and metric values which are scraped by Prometheus.

Answer :

E. The monitored service provides arbitrary pairs of keys and metric values which are scraped by Prometheus.

Explanation:

Prometheus is a monitoring and alerting toolkit, and it collects metric data from monitored services using a pull-based model. In this model, Prometheus periodically scrapes metrics data from the monitored services’ HTTP endpoints.

The monitored service exposes its metric data through an HTTP endpoint in a specific format that Prometheus understands. The data provided by the monitored service consists of arbitrary pairs of keys (metric names) and metric values. These pairs of keys and values are referred to as “time series” in Prometheus.

Each metric in Prometheus is identified by a unique key, typically consisting of labels and a metric name. For example, a metric key could be “http_requests_total{method=’GET’, endpoint=’/api’},” where “http_requests_total” is the metric name, and “{method=’GET’, endpoint=’/api’}” are labels that provide additional information about the metric.

Prometheus scrapes these time series data regularly, collects, stores, and analyzes the data over time, allowing for querying, graphing, and generating alerts based on the metrics provided by the monitored services.

So, option E is correct as it describes the way Prometheus receives data from monitored services in the form of arbitrary pairs of keys and metric values (time series).

22 — Which criteria can packet filtering firewalls use to permit or suppress traffic ? (Choose TWO correct answers)

A. IP addresses

B. TCP and UDP ports 2I

C. HTTP Cookies

D. Common Names in X.509 certificates

E. Object IDs in REST URLs

Answer:

The correct answers are:

A. IP addresses B. TCP and UDP ports

Explanation:

Packet filtering firewalls can use the following criteria to permit or suppress traffic:

A. IP addresses: Firewalls can filter traffic based on the source and destination IP addresses. This allows administrators to control which hosts are allowed to communicate with each other.

B. TCP and UDP ports: Firewalls can filter traffic based on the TCP or UDP port numbers used in the packets. This allows administrators to control which services or applications are accessible from the network.

Options C, D, and E are not correct:

C. HTTP Cookies: Firewalls generally do not inspect the contents of application-layer data like HTTP cookies. Packet filtering firewalls operate at lower layers of the network stack and focus on IP and transport layer headers.

D. Common Names in X.509 certificates: This is related to SSL/TLS certificate validation, which happens at the application layer. Packet filtering firewalls do not typically inspect SSL/TLS certificates, as this requires deep packet inspection (DPI) capabilities.

E. Object IDs in REST URLs: REST URLs are part of the application-layer data and are not directly relevant to packet filtering. Packet filtering firewalls operate at lower layers of the network stack and do not inspect application-layer data.

In summary, packet filtering firewalls primarily use IP addresses and TCP/UDP ports as criteria to control the flow of network traffic. They are not designed to inspect application-layer data like HTTP cookies, SSL/TLS certificates, or REST URLs.

23 — Which of the following scenarios describes SSL offloading ?

A. Requests which arrive plain text via HTTP are redirected to HTTPS URLs to enforce encrttion.

B. To use HTTPS for multiple hosts in the same domain, a wildcard certificate is used on all nodes hosting the services.

C. Requests which arrive encrypted via HTTPS are answered with redirects to HTTP URLs to improve performance.

D. Incoming HTTPS connections are received by a load balancer which handles the encrytion and passes decryted requets on to the backend servers.

E. The main content of a website deliverd using HTTPS, assets such as images or scripts are delivered using HTTP

Answer:

D. Incoming HTTPS connections are received by a load balancer which handles the encryption and passes decrypted requests on to the backend servers.

Explanation:

SSL offloading (also known as SSL termination or SSL acceleration) is a technique used to offload the SSL/TLS encryption and decryption process from the backend servers to a dedicated device or load balancer. This allows the backend servers to focus on processing application logic and reduces the computational overhead required for SSL/TLS encryption.

In scenario D, incoming HTTPS connections are received by a load balancer, which is responsible for terminating the SSL/TLS encryption. The load balancer decrypts the incoming requests, processes them in plaintext, and then forwards the decrypted requests to the backend servers over an internal network without re-encrypting them.

Benefits of SSL offloading include improved performance and reduced computational load on backend servers, as they don’t need to perform SSL/TLS encryption and decryption for every incoming request.

Option A, B, C, and E do not accurately describe SSL offloading:

A. This scenario describes enforcing encryption by redirecting HTTP requests to HTTPS URLs, which is related to SSL enforcement, not SSL offloading.

B. This scenario describes the use of a wildcard SSL certificate for multiple hosts in the same domain, which is related to SSL certificate management, not SSL offloading.

C. This scenario describes redirecting encrypted HTTPS requests to HTTP URLs, which would defeat the purpose of SSL and is not related to SSL offloading.

E. This scenario describes delivering main website content using HTTPS but delivering assets (images or scripts) using HTTP. This is a mixed content scenario, not SSL offloading.

24 — What is the default URL Prometheus tries to retrive from a target when gathering monitoring information ? (Specify the full URL, without any hostname or scheme)

Answer :

The default URL that Prometheus tries to retrieve from a target when gathering monitoring information is:

/metrics

Prometheus scrapes the /metrics endpoint of the target to collect metrics data. This endpoint is where the target exposes its metrics data in a format that Prometheus understands, and it includes various metrics about the target’s performance and status.

For example, if you have a target (e.g., a web server) running on a host with the IP address 192.168.1.100, Prometheus will attempt to fetch metrics data from the following URL:

http://192.168.1.100:9102/metrics

Note: The exact port number (in this example, 9102) may vary depending on how you have configured the target’s Prometheus exporter or any custom settings you have in your Prometheus configuration.

25 — What is the difference between the commands git diff and git diff — cached ? (Choose TWO correct answers)

A. git diff — cached shows changes of all commits that were not pushed to origin yet

B. git diff shows changes that were not added to the next commit

C. git diff and git diff — cached always lead to the same result if a repositoty does not have at least one remote repository

D. git diff — cached shows changes that will be included in the next commit

E. git diff — cached shows changes included in the last successful commit of the current branch.

Answer:

The correct answers are:

B. git diff shows changes that were not added to the next commit.

D. git diff — cached shows changes that will be included in the next commit.

Explanation:

A. git diff — cached does not show changes of all commits that were not pushed to origin. Instead, it shows the changes that have been staged (added to the index) and will be included in the next commit.

B. git diff shows the difference between the working directory and the staging area (index). It shows changes that have not been staged for the next commit.

C. git diff and git diff — cached do not always lead to the same result, even if the repository does not have a remote repository. git diff shows changes between the working directory and the staging area, while git diff — cached shows changes between the staging area and the latest commit.

D. git diff — cached, as mentioned earlier, shows changes that will be included in the next commit. These changes are already staged (added to the index) and ready to be committed.

E. git diff — cached does not show changes included in the last successful commit of the current branch. It shows changes that have been staged for the next commit but not committed yet. To see changes in the last commit, you can use git show HEAD.

In summary:

· git diff shows changes between the working directory and the staging area (index).

· git diff — cached shows changes between the staging area and the latest commit (changes that will be included in the next commit).

26 — The following output is generated by git branch:

development

master

production

* staging

How can git chang from development to staging

******** Hình mờ ******* *

Xem lại hình …

27 — Which of the following statements are true when using continuous delivery for an application which is subject to strong compliance requirements such as an SLA (choose 2)

A. Given a sufficient number of tests, continous deployment has no implications on the compliance of an application.

B. The deployment to production should be subject to manual review and approval

C. Continuous delivery limits the risks associated with deployment by using tested automatic procedures.

D. Continuous delivery increases the risks associated with deployment and is no suited for compliance critical application.

E. The deployment and release of software does not affect the compliance of an application general.

Answer :

The correct answers are:

B. The deployment to production should be subject to manual review and approval.

C. Continuous delivery limits the risks associated with deployment by using tested automatic procedures.

Explanation:

A. This statement is not entirely true. While having a sufficient number of tests helps ensure the application’s quality and compliance, it does not guarantee compliance on its own. Other factors, such as manual review and approval, are also necessary.

B. This statement is true. When dealing with strong compliance requirements, it is essential to have a controlled deployment process that includes manual review and approval before deploying to production. This ensures that the changes have been thoroughly examined and meet all compliance requirements before being released.

C. This statement is true. Continuous delivery focuses on automating the deployment process and relies on well-tested procedures. By using automated and tested deployment procedures, the risks associated with human error and inconsistencies are minimized, which is beneficial when compliance is a concern.

D. This statement is not true. Continuous delivery, when implemented correctly, can reduce the risks associated with deployment by using automation and thorough testing. It is well-suited for compliance-critical applications as it provides a consistent and controlled deployment process.

E. This statement is not entirely true. The deployment and release of software can have an impact on the compliance of an application. Continuous delivery aims to ensure that each release meets compliance requirements by employing automated tests and a reliable deployment process.

In summary, when strong compliance requirements, such as SLAs, are in place, continuous delivery can be beneficial as long as it includes manual review and approval before deployment and relies on well-tested and automated procedures to reduce deployment risks.

28 — What is the benefit on feature toggles? (Choose TWO correct answers)

A. Feature toggles decouple technical deployments from the official launch of a product.

B. Feature toggles reduce the build time by excluding unnecessary features from a build

C. Feature toggles eliminate the need for feature branches in an SCM during development

D. Feature toggles start microservices on demand when their functionality is requested.

E. Feature toggles can enable new features for advanced users before globally releasing them.

Answer :

The correct answers are:

A. Feature toggles decouple technical deployments from the official launch of a product.

E. Feature toggles can enable new features for advanced users before globally releasing them.

Explanation:

A. Feature toggles allow developers to deploy new features to production but keep them hidden from end-users until they are ready for an official launch. This decouples the technical deployment of a feature from the product’s official release, allowing development teams to release features independently and with more control over when they become available to users.

B. While feature toggles can exclude certain features from being active for end-users, they do not directly impact the build time. The build time depends on the codebase size, build configurations, and the number of dependencies but not necessarily on feature toggles.

C. Feature toggles do not eliminate the need for feature branches in source code management (SCM) during development. Feature branches are commonly used to develop and test new features in isolation before they are merged into the main development branch. Feature toggles are used to control the visibility of features at runtime, while feature branches manage code changes during development.

D. Feature toggles are not related to starting microservices on demand. Microservices are typically managed and orchestrated by container platforms like Kubernetes or containerization tools like Docker, and their availability is managed by the container orchestrator based on the desired number of replicas.

E. Feature toggles are useful for enabling new features for specific users or user groups, including advanced users or early adopters, before those features are globally released to all users. This allows for controlled rollouts and gathering feedback from a smaller group of users before a wider release.

29 — Question : In order to execute one step of a declarative Jenkins pipeline on a Jenkins node with a specific set o flabels, which element has to be present in the respectiv satge?

A. server

B. executor

C. slave

D. agent

E. selector

Answer : D. agent

In a declarative Jenkins pipeline, the “agent” directive is used to specify on which Jenkins node (agent) a particular stage should be executed. This allows you to control the environment and labels of the node where a specific stage will run.

For example, to execute a stage on a Jenkins node with specific labels, you can use the “agent” directive like this:

pipeline {

agent {

label ‘my-specific-label’

}

stages {

stage(‘Build’) {

steps {

// Your build steps here

}

}

// Additional stages…

}

}

In this example, the “agent” directive with the “label” parameter specifies that the “Build” stage should run on a Jenkins node with the label “my-specific-label.” Jenkins will find a node with that label and execute the stage on that node.

By using the “agent” directive, you can control the node where each stage of the pipeline will be executed, allowing for flexible and distributed build and deployment configurations.

30 — When can an SQL injection attach happen ?

A. When strings ot arbitrary length ate passed to a database so they can exceed the length of a data type or data field

B. When characters or sitings received horn an external source are passed unchanged Io a database so they can inckxle SOL statements

C. When SQL statements are stored as database content rind might be relumed unchanged Io a deft Querying Ibe database

D. When database queries at an appl.cat.on are redi.eơed to anotter server which then receives corral .ntormauon and mgh return manipulated data

E. When an API which causes writes 10 the database can be inggeied remotely without rale limits or other restrictions

Answer:

B. When characters or strings received from an external source are passed unchanged to a database so they can include SQL statements.

C. When SQL statements are stored as database content and might be returned unchanged in a database query.

Explanation:

An SQL injection attack is a type of security vulnerability in which an attacker can manipulate an application’s input to inject malicious SQL code into the application’s database queries. This can lead to unauthorized access to data, data manipulation, or even the complete takeover of the database.

B. This scenario describes a common situation where an application accepts input from an external source (such as user input in a web form) and directly passes that input to the database without proper validation or sanitization. If the input contains malicious SQL code, it can be executed on the database server.

C. In some cases, SQL statements might be stored as part of the database content, such as in a text field or a script. If the application retrieves and executes these stored SQL statements without proper validation, it can be vulnerable to SQL injection attacks.

The other options are not directly related to SQL injection attacks:

A. This option is not related to SQL injection attacks but rather to issues with handling data types and data fields in the database.

D. This option describes a scenario involving a server-to-server communication and does not involve SQL injection directly.

E. This option describes a scenario where an API that writes to the database is exposed without proper security measures but does not specifically involve SQL injection attacks.

Buy Full DUMP (PDF) : $ 69