You configure a local Docker engine to enforce content trust by setting the environment variable DOCKER_CONTENT_TRUST=1.
If myorg/myimage: 1.0 is unsigned, does Docker block this command?
Solution: docker image import <tarball> myorg/myimage:1.0
A . Yes
B . No
Answer: A
Explanation:
Docker Content Trust (DCT) is a feature that allows users to verify the integrity and publisher of container images they pull or deploy from a registry server, signed on a Notary server1. DCT is enabled by setting the environment variable DOCKER_CONTENT_TRUST=1 on the Docker client. When DCT is enabled, the Docker client will only pull, run, or build images that have valid signatures for a specific tag2. However, DCT does not apply to the docker image import command, which allows users to import an image or a tarball with a repository and tag from a file or STDIN3. Therefore, if myorg/myimage:1.0 is unsigned, Docker will not block the docker image import <tarball> myorg/myimage:1.0 command, even if DCT is enabled. This is because the docker image import command does not interact with a registry or a Notary server, and thus does not perform any signature verification. However, this also means that the imported image will not have any trust data associated with it, and it will not be possible to push it to a registry with DCT enabled, unless it is signed with a valid key.
Reference: Content trust in Docker
Automation with content trust
[docker image import]
[Content trust and image tags]
Latest DCA Dumps Valid Version with 55 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund